[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhSy8xM3CAbgupo2kEPkhbSZxpVCaomSRy-mudT9yw60":3},{"article":4,"iocs":42},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":24,"category":25,"article_tags":29},"9a4498c3-eda8-4011-81e0-fe64e2b8977c","Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption","progress-confirms-zero-day-vulnerability-behind-sharefile-disruption-5a7f5d","The company has rolled out a fix and is restoring access for Storage Zones Controller customers who apply it. The post Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption appeared first on SecurityWeek.","Progress Software has confirmed a zero-day vulnerability in its ShareFile Storage Zones Controller versions 5.x and 6.x, which led to a service disruption. The company has released patched versions and is restoring access for customers who apply the fix. While Progress states there's no evidence of customer compromise, security experts suggest the aggressive response implies potential for more significant exploitation.","Progress Software confirms zero-day vulnerability in ShareFile Storage Zones Controller.","Progress Software has confirmed that a zero-day vulnerability was behind the recent ShareFile Storage Zones Controller disruption and that access to the service is being restored. The confirmation comes two days after the company disabled access to ShareFile accounts for all customers using Storage Zones Controllers, citing ‘a credible external security threat’. “As of Tuesday, July 14th, access has been restored for Progress ShareFile Storage Zones Controller customers following the service disruption we communicated previously,” Progress told SecurityWeek. The company explained that it prompted customers to shut down their servers running Storage Zones Controllers due to a high-severity vulnerability in versions 5.x and 6.x of the product. “We developed and released patched versions to customers, and once patched, these customers’ Storage Zones Controllers will be operational,” Progress said. The company has not shared details on the vulnerability and has yet to respond to SecurityWeek’s follow-up questions, but said it is not aware of any customer compromise.Advertisement. Scroll to continue reading. “At this time, we have no evidence of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat,” the company said. In private communication to its customers, Progress said that the security defect is a path traversal bug exploitable by attackers with administrative privileges. “An authenticated administrative user can read arbitrary files accessible to the application’s service account, write threat actor-controlled content to arbitrary directories, or enumerate the server filesystem layout,” a copy of the email shared on Reddit reads. According to WatchTowr founder and CEO Benjamin Harris, Progress’s description of the issue and its withholding of details suggest there might be more to the story. “Vulnerabilities that already assume an attacker has administrative access do not typically trigger such an aggressive response. So what’s the missing piece? Is there more to the attack than has been disclosed? Has Progress observed attacker activity that warrants a more aggressive response?” Harris said. Defenders are advised to assume the worst, to update their ShareFile Storage Zone Controllers immediately, and to assume that exposed systems may have been compromised. “Don’t assume that installing a patch is the end of the story. When a vendor tells customers to disconnect servers from the internet and then ships a patch days later, for an admin-only exploitable vulnerability no less, no one will be blamed for pondering,” Harris said. Related: Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates Related: SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud Related: RabbitMQ Vulnerability Threatens Enterprise Systems Related: 15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce CloudUS, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure RoutersMultiple Jscrambler Packages Impacted by Supply Chain AttackRabbitMQ Vulnerability Threatens Enterprise SystemsZimbra Patches Critical Code Execution VulnerabilityOrganizations Warned of Exploited Joomla Extension VulnerabilitiesProgress Prompts ShareFile Storage Zone Controller Shutdown Amid Security ConcernsGhost Accounts Abuse GitHub API in Mass Recon Campaign Latest News ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, RockwellCritical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 UpdatesSonicWall Issues Urgent SMA Patch Warning for Two Zero-Day ExploitsMicrosoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-DaysSynopsys Finds No Evidence of Data Breach Amid Bosch Hack ClaimsAdobe Patches Critical ColdFusion Vulnerabilities7 Severe Vulnerabilities Patched in VMware Avi Load BalancerUnpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 15, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveF5 has appointed Cathy Peterman as Chief People Officer.Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Fprogress-confirms-zero-day-vulnerability-behind-sharefile-disruption\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F06\u002Fvulnerability-software-bug.webp","2026-07-15T09:48:29+00:00","2026-07-15T10:00:16.219813+00:00",8,[18,21],{"name":19,"type":20},"ShareFile Storage Zones Controller","product",{"name":22,"type":23},"Progress Software","vendor","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":24,"icon":26,"name":27,"slug":28},null,"Vulnerabilities","vulnerabilities",[30,35,40],{"category":31},{"id":32,"icon":26,"name":33,"slug":34},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":36},{"id":37,"icon":26,"name":38,"slug":39},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":41},{"id":24,"icon":26,"name":27,"slug":28},[]]