Progress Software has issued an urgent advisory to customers operating on-premises ShareFile Storage Zone Controllers, instructing them to immediately shut down the servers hosting these components. This directive comes in response to a “credible external security threat” targeting the platform.
In a communication sent directly to customers, Progress emphasized that, while there is currently no evidence of unauthorized access to ShareFile accounts or data, the shutdown is a precautionary measure. The company is collaborating with internal and external cybersecurity experts to thoroughly assess the threat.
Administrators have been informed that Progress has already disabled account access through Storage Zone Controllers for all affected customers. Additionally, they are required to manually power down the underlying servers to further safeguard data.
Progress anticipates providing updates within 24 hours and has characterized this action as a precautionary step rather than a response to a confirmed breach. The specific nature of the threat has not been disclosed, leaving open the possibility of a new zero-day vulnerability or renewed exploitation attempts against the Storage Zone Controller architecture.
This is not the first security concern associated with ShareFile’s customer-managed gateway. In April 2026, watchTowr Labs identified two critical vulnerabilities in the Storage Zone Controller: CVE-2026-2699, an authentication bypass with a CVSS score of 9.8, and CVE-2026-2701, a remote code execution flaw scoring 9.1. Exploiting these vulnerabilities in tandem allowed unauthenticated attackers to access restricted configuration pages and deploy malicious ASPX webshells, achieving full remote code execution without credentials.
At that time, the Shadowserver Foundation detected approximately 784 internet-exposed instances, with the United States and Germany exhibiting the highest exposure. A broader scan by watchTowr identified nearly 30,000 visible instances. Progress addressed these flaws in version 5.12.4, and the newer 6.x branch, built on .NET Core, was confirmed to be unaffected.
Given the platform’s history of critical pre-authentication remote code execution vulnerabilities, security teams should treat this new warning with utmost seriousness. It is advisable to isolate internet-facing Storage Zone Controller instances and monitor for further guidance from Progress.
This incident underscores the persistent challenges in securing widely used enterprise platforms. Organizations must remain vigilant, promptly apply patches, and adhere to best practices to mitigate potential threats. The proactive approach taken by Progress highlights the importance of swift action in the face of credible security threats.