ShareFile Flaws Enable Unauthenticated Remote Code Execution

ShareFile Flaws Enable Unauthenticated Remote Code Execution

Posted on By CWS

Critical vulnerabilities have been identified in the ShareFile platform, a popular tool for content collaboration and file-sharing. These weaknesses, if exploited together, can lead to unauthenticated remote code execution (RCE), according to cybersecurity experts at WatchTowr.

Details of the Vulnerabilities

The first vulnerability, labeled CVE-2026-2699 and carrying a CVSS score of 9.8, permits attackers to access restricted configuration pages without authentication. This flaw, described as an Execution After Redirect (EAR) issue, was discovered when attempts were made to reach an administrative endpoint via a web browser.

Though the browser redirected to a login page meant to be local-only, the HTTP header revealed more information than anticipated. By altering the HTTP response and omitting the Location header, WatchTowr gained unauthorized entry to the admin page for Storage Zone settings.

Implications of the Security Flaws

This access enabled WatchTowr to manipulate Storage Zone parameters, including the ShareFile passphrase, and connect a victim’s Storage Zone Controller to a malicious Zone without authentication. This manipulation could redirect the victim’s file repository to an external AWS S3 Bucket controlled by the attacker, facilitating the exfiltration of sensitive data.

Furthermore, attackers could misuse administrative access to change the file storage location to insecure areas, such as the application’s webroot directory, posing significant security threats.

Exploitation and Resolution

While investigating, WatchTowr also uncovered CVE-2026-2701, an arbitrary file upload vulnerability with a CVSS score of 9.1. This flaw allows attackers to upload a web shell, achieving RCE. By combining these vulnerabilities, attackers could execute RCE on ShareFile instances without needing authentication.

These security issues were reported to ShareFile in early February and have since been resolved in version 5.12.4. It is important to note that ShareFile versions 6.x are not impacted by these vulnerabilities.

The discovery underscores the importance of timely updates and patches to safeguard against potential cyber threats.

Security Week News Tags:, , , , , , , , , , , ,

Related Posts

Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon Security Week News
Hawaiian Airlines Hacked as Aviation Sector Warned of Scattered Spider Attacks Hawaiian Airlines Hacked as Aviation Sector Warned of Scattered Spider Attacks Security Week News
377,000 Impacted by Data Breach at Texas Gas Station Firm 377,000 Impacted by Data Breach at Texas Gas Station Firm Security Week News
Australia Sanctions Hackers Supporting North Korea’s Weapons Program Australia Sanctions Hackers Supporting North Korea’s Weapons Program Security Week News
Cisco Addresses Critical IOS Security Flaws Cisco Addresses Critical IOS Security Flaws Security Week News
Telecom Firm Colt Confirms Data Breach as Ransomware Group Auctions Files Telecom Firm Colt Confirms Data Breach as Ransomware Group Auctions Files Security Week News