Unauthenticated RCE via Config Access in ShareFile SZC: CVE-2026-2699 April 2026

EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Vulnerability Analysis

CVE-2026-2699 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An automatable proof of concept (POC) exploit exists. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Types

What is a Redirect Without Exit Vulnerability?

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

CVE-2026-2699 has been classified to as a Redirect Without Exit vulnerability or weakness.

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2026-2699 has been classified to as an Authorization vulnerability or weakness.

Unauthenticated RCE via Config Access in ShareFile SZC
CVE-2026-2699 Published on April 2, 2026

Vulnerability Analysis

Weakness Types

What is a Redirect Without Exit Vulnerability?

What is an Authorization Vulnerability?

Affected Versions

Unauthenticated RCE via Config Access in ShareFile SZCCVE-2026-2699 Published on April 2, 2026

Vulnerability Analysis

Weakness Types

What is a Redirect Without Exit Vulnerability?

What is an Authorization Vulnerability?

Affected Versions

Unauthenticated RCE via Config Access in ShareFile SZC
CVE-2026-2699 Published on April 2, 2026