CVE-2026-2699 Scanner
CVE-2026-2699 Scanner - Authentication Bypass vulnerability in Progress ShareFile Storage Zones Controller
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 9 hours
Scan only one: Domain, Subdomain, IPv4
Progress ShareFile Storage Zones Controller is a solution widely used by enterprises to manage data storage and file sharing securely across private clouds. It facilitates the distribution of data close to users to optimize performance, thus enhancing efficiency and reliability in document management. It is typically deployed in environments where data privacy and strict access controls are crucial, appealing to industries like finance, healthcare, and legal services due to its robust security features.
The vulnerability is an authentication bypass caused by execution after redirect: the application keeps processing a request after it has issued a redirect, which allows attackers to access sensitive configuration pages without authentication. This exposure can let unauthorized users alter critical system configurations and can potentially lead to remote code execution. The flaw compromises the system's integrity and can lead to full-system compromise by malicious entities.
The technical details of this vulnerability involve an authentication flow that fails to properly manage session and state information after redirects. Specifically, the vulnerable endpoint is the /ConfigService/Admin.aspx page, which is improperly exposed. When exploited, the redirect response (such as HTTP 302) that should act as the access check is bypassed, giving attackers access to restricted areas of the system where administrative changes are made.
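The check below is an added example, not the scanner's or the vendor's own logic: it classifies a raw HTTP response as a clean redirect or as a redirect that still carries a rendered page, which is the observable symptom of execution after redirect. It assumes the default ASP.NET "Object moved" redirect body; the 64-character threshold, the function names and the sample responses are constructed for illustration.

```python
import re

# Body ASP.NET emits by default with a redirect ("Object moved to here").
STUB = re.compile(
    r"<html><head><title>Object moved</title></head><body>.*?</body></html>",
    re.I | re.S)
REDIRECTS = {301, 302, 303, 307, 308}
MAX_LEFTOVER = 64  # assumption: non-stub characters tolerated on a clean redirect

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers, body

def leftover_body(body):
    """Return what remains of the body once the redirect stub is removed."""
    return STUB.sub("", body, count=1).strip()

def classify(raw):
    status, headers, body = parse_response(raw)
    if status not in REDIRECTS or "location" not in headers:
        return "not-a-redirect"
    if len(leftover_body(body)) <= MAX_LEFTOVER:
        return "clean-redirect"
    return "page-rendered-after-redirect"

# Constructed sample responses (not captured from a real controller).
HEAD = "HTTP/1.1 302 Found\r\nLocation: /constructed-login\r\nContent-Type: text/html\r\n\r\n"
STUB_BODY = ('<html><head><title>Object moved</title></head><body>\r\n'
             '<h2>Object moved to <a href="/constructed-login">here</a>.</h2>\r\n'
             '</body></html>\r\n')
PAGE = ('<!DOCTYPE html><html><body><form method="post" id="constructed-form">'
        '<input type="text" name="constructed_setting"><input type="submit">'
        '</form></body></html>')
CLEAN = HEAD + STUB_BODY
LEAKY = HEAD + STUB_BODY + PAGE
PLAIN = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nok"

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("leaky", LEAKY), ("plain", PLAIN)):
        print(name, "->", classify(raw))
```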
If this vulnerability is exploited, potential effects include unauthorized changes to system configurations, exposure of sensitive data, disruption of system services, and possibly remote code execution allowing full system compromise. Such actions could lead to data breaches or service outages, severely affecting trust in the organization involved and its operational capabilities.
REFERENCES
- https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699
- https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
- https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26