CVE-2026-2699CRITICAL 9.8EPSS p98.7%

CVE-2026-2699CVE-2026-2699

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS49.42% probability of exploitation · percentile 98.7% · 2026-06-19T12:03:05Z
Published2026-04-02
Last modified2026-04-21

Underlying weaknesses· 2

CWE-284CWE-698

References

  1. https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26
  2. https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

2

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-2840%live
WeaknessExecution After Redirect (EAR)cwe-6980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Citrix ShareFile Improper Access Control Vulnerability
CVE
CVE-2026-21669
CVE
CVE-2026-21666
CVE
CVE-2025-23120
CVE
CVE-2025-41668
CVE
CVE-2026-21667
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.