CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

On March 10, 2026, Progress ShareFile released fixes for two critical severity vulnerabilities in Progress ShareFile Storage Zones Controller (SZC) 5.x, tracked as CVE-2026-2699 and CVE-2026-2701. The first flaw arises from an authentication bypass due to improper redirect/session handling (Execution After Redirect) in /ConfigService/Admin.aspx that allows a remote unauthenticated threat actor to access restricted administrative ... CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

On March 10, 2026, Progress ShareFile released fixes for two critical severity vulnerabilities in Progress ShareFile Storage Zones Controller (SZC) 5.x, tracked as CVE-2026-2699 and CVE-2026-2701. The first flaw arises from an authentication bypass due to improper redirect/session handling (Execution After Redirect) in /ConfigService/Admin.aspx that allows a remote unauthenticated threat actor to access restricted administrative ... CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain On March 10, 2026, Progress ShareFile released fixes for two critical severity vulnerabilities in Progress ShareFile Storage Zones Controller (SZC) 5.x, tracked as CVE-2026-2699 and CVE-2026-2701. The first flaw arises from an authentication bypass due to improper redirect/session handling (Execution After Redirect) in /ConfigService/Admin.aspx that allows a remote unauthenticated threat actor to access restricted administrative ... CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain