Critical vulnerabilities have been identified in the ShareFile platform, a popular tool for content collaboration and file-sharing. These weaknesses, if exploited together, can lead to unauthenticated remote code execution (RCE), according to cybersecurity experts at WatchTowr.
Details of the Vulnerabilities
The first vulnerability, labeled CVE-2026-2699 and carrying a CVSS score of 9.8, permits attackers to access restricted configuration pages without authentication. This flaw, described as an Execution After Redirect (EAR) issue, was discovered when attempts were made to reach an administrative endpoint via a web browser.
Though the browser redirected to a login page meant to be local-only, the HTTP header revealed more information than anticipated. By altering the HTTP response and omitting the Location header, WatchTowr gained unauthorized entry to the admin page for Storage Zone settings.
Implications of the Security Flaws
This access enabled WatchTowr to manipulate Storage Zone parameters, including the ShareFile passphrase, and connect a victim’s Storage Zone Controller to a malicious Zone without authentication. This manipulation could redirect the victim’s file repository to an external AWS S3 Bucket controlled by the attacker, facilitating the exfiltration of sensitive data.
Furthermore, attackers could misuse administrative access to change the file storage location to insecure areas, such as the application’s webroot directory, posing significant security threats.
Exploitation and Resolution
While investigating, WatchTowr also uncovered CVE-2026-2701, an arbitrary file upload vulnerability with a CVSS score of 9.1. This flaw allows attackers to upload a web shell, achieving RCE. By combining these vulnerabilities, attackers could execute RCE on ShareFile instances without needing authentication.
These security issues were reported to ShareFile in early February and have since been resolved in version 5.12.4. It is important to note that ShareFile versions 6.x are not impacted by these vulnerabilities.
The discovery underscores the importance of timely updates and patches to safeguard against potential cyber threats.
