Progress Software, a prominent player in the enterprise software sector, has advised its ShareFile customers to pause operations on their Storage Zone Controller servers due to emerging security concerns. This directive was issued on Friday as the company responds to potential risks.
Understanding the Role of Storage Zone Controllers
Storage Zone Controllers are integral to ShareFile’s functionality, offering customers secure, private data storage solutions. These controllers can be deployed on-premises or through third-party systems, managed by application-specific passwords. They provide clients with enhanced control and security over their data storage.
On Friday, Progress Software took the precautionary step of restricting access to ShareFile accounts utilizing these controllers. The company is currently probing a credible external security threat that has surfaced.
Company’s Response and Customer Instructions
A statement released on Progress’s forums acknowledged the external security threat specifically targeting ShareFile Storage Zone Controllers. In addition to the access restrictions, Progress has urged customers to proactively shut down their servers hosting these controllers while experts carry out a comprehensive security assessment.
Customers were informed through private communications that the access restrictions are temporary. However, the company has not yet provided a timeline for resolving the issue, maintaining that there is no indication of unauthorized access to customer data at this time.
Speculations and Known Vulnerabilities
While Progress has yet to disclose specific details regarding the nature of the threat, speculation among users points to potential exploitation of vulnerabilities reported earlier in the year. Two critical flaws, identified as CVE-2026-2699 and CVE-2026-2701, could be leveraged to manipulate system configurations and execute unauthorized code remotely.
These vulnerabilities, with high Common Vulnerability Scoring System (CVSS) scores of 9.8 and 9.1, respectively, highlight the severity of the potential risks involved. Progress’s prompt response underscores the importance of addressing such vulnerabilities to ensure data safety and integrity.
SecurityWeek has reached out to Progress Software for further comments. Updates will be provided should the company issue an additional statement on this matter.
