VYPR
advisoryPublished Jul 10, 2026· 3 sources

Progress Warns ShareFile Users of Credible Threat, Urges Server Shutdown

Progress Software has issued an urgent warning to customers using its on-premises ShareFile Storage Zone Controllers, advising them to immediately shut down their servers due to a credible external security threat.

Progress Software is taking drastic measures to protect its customers, urging those who utilize ShareFile Storage Zone Controllers to immediately shut down their servers. The company has identified what it describes as a "credible external security threat" specifically targeting the on-premises component of its secure file-sharing software. While Progress has stated there is currently no indication of unauthorized access to ShareFile accounts or data, the precautionary shutdown is deemed critical.

ShareFile is Progress Software's enterprise solution for secure file sharing and collaboration. While it offers a cloud-hosted option, many organizations opt for a hybrid deployment. This involves using the ShareFile cloud for authentication and user management, but hosting their actual files on on-premises Windows servers via Storage Zone Controllers. This setup allows sensitive data to remain within the organization's own infrastructure while leveraging ShareFile's cloud features for seamless sharing and collaboration.

The Storage Zone Controllers play a pivotal role in these hybrid deployments, acting as the intermediary between the ShareFile cloud platform and the customer's local storage. When a user interacts with a file, the ShareFile cloud directs the request to the appropriate Storage Zone Controller, which then retrieves or stores the file on the company's own servers before transferring it to the user. Due to their function in handling file transfers, these controllers are typically internet-accessible.

The urgent advisory was communicated to customers via an email titled "Service Disruption. Immediate Action Required." Progress explicitly stated that disabling access through the ShareFile cloud platform alone is insufficient to mitigate the identified threat. "You must manually shut down the server hosting your Storage Zone Controllers. This is a critical additional step to ensure the safety of your data," the company emphasized in its communication.

Progress has temporarily restricted access to ShareFile accounts that utilize Storage Zone Controllers as a "precaution" while working with cybersecurity experts to investigate the threat. The company has committed to providing another update to customers within 24 hours. The ShareFile status page now reflects this disruption, indicating that "ShareFile customers with Storage Zone Controllers are not operational at this time."

Details regarding the specific vulnerability being exploited or the identity of the threat actor have not yet been disclosed by Progress Software. This situation draws parallels to previous attacks that have targeted enterprise file transfer and sharing software. Notably, in 2023, the Clop extortion gang leveraged a zero-day vulnerability in Progress's MOVEit Transfer product, leading to widespread data theft and subsequent extortion campaigns against thousands of organizations.

The targeting of managed file transfer and enterprise file-sharing platforms remains a persistent trend in the cybersecurity landscape. These systems often handle highly sensitive data, making them attractive targets for threat actors seeking to exfiltrate information for financial gain or other malicious purposes. The current incident involving ShareFile Storage Zone Controllers underscores the ongoing risks associated with such critical infrastructure.

A Progress spokesperson reiterated the information provided in the customer email when contacted for further details. The company's swift action, including the direct instruction to shut down servers, suggests a high level of concern regarding the potential impact of this threat on its customers' data and operations.

The new article provides additional context by referencing two previously disclosed critical vulnerabilities, CVE-2026-2699 and CVE-2026-2701, in the ShareFile Storage Zone Controller architecture. These flaws, which could be chained to achieve remote code execution, were disclosed in April 2026 and patched by Progress Software. The current advisory's precautionary shutdown of servers suggests the threat may be related to these past vulnerabilities or a new zero-day exploit targeting the same component.

The article provides additional context on the security threat affecting Progress ShareFile Storage Zone Controllers, noting that the company's directive to shut down servers, rather than patch them, suggests a novel vulnerability or an issue unaddressable by a simple fix. It also highlights that this is not the first time ShareFile's on-premises controllers have been targeted, referencing a similar incident in 2023 involving an unauthenticated flaw that was actively exploited.

Synthesized by Vypr AI