Two critical vulnerabilities in the ShareFile content collaboration and file-sharing platform could be chained to achieve unauthenticated remote code execution, according to WatchTowr. One bug, tracked as CVE-2026-2699 (CVSS 9.8), allows unauthenticated access to configuration pages and was described as an Execution After Redirect issue, discovered when attempting to reach an administrative endpoint.
By altering the HTTP response and dropping the Location header, WatchTowr gained access to a Storage Zone admin page. From there, an attacker could reconfigure a Zone to point to a local network and potentially exfiltrate files by directing uploads to a controlled AWS S3 bucket. A second flaw, CVE-2026-2701 (CVSS 9.1), is an arbitrary file upload issue that could be exploited to drop a web shell and enable RCE.
The two vulnerabilities were chained to achieve unauthenticated RCE on a vulnerable ShareFile instance. Fixes are included in version 5.12.4; ShareFile 6.x is not affected. Written by Ionut Arghire, published April 3, 2026.
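
The Execution After Redirect class behind CVE-2026-2699, shown as an added example that is not ShareFile's code and not taken from WatchTowr's research. It puts a handler that keeps running after it issues a redirect beside the corrected form, with a regression check for developers. The `Response` class, handler names, `/login` path and page content are all hypothetical.

```python
from dataclasses import dataclass, field

# Constructed stand-in for a protected configuration page.
ADMIN_PAGE = "<html><form id='zone-config'>storage zone settings</form></html>"

@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""

    def redirect(self, url):
        # Like many framework redirect helpers, this only sets the status and
        # the Location header. It does not stop the handler that called it.
        self.status = 302
        self.headers["Location"] = url

def admin_page_vulnerable(session):
    resp = Response()
    if not session.get("authenticated"):
        resp.redirect("/login")
        # Defect (CWE-698): no return here, so execution continues and the
        # protected page is still written into the 302 response body.
    resp.body = ADMIN_PAGE
    return resp

def admin_page_fixed(session):
    resp = Response()
    if not session.get("authenticated"):
        resp.redirect("/login")
        return resp  # stop here: nothing protected is rendered
    resp.body = ADMIN_PAGE
    return resp

def redirect_leaks_body(resp, max_body=0):
    """Regression check: a 3xx response must not carry page content."""
    return 300 <= resp.status < 400 and len(resp.body) > max_body

if __name__ == "__main__":
    for handler in (admin_page_vulnerable, admin_page_fixed):
        r = handler({})  # empty session = unauthenticated request
        verdict = "leaks body" if redirect_leaks_body(r) else "clean"
        print(f"{handler.__name__}: {r.status} {verdict}")
```

A browser follows the Location header and never displays the body, which is why this defect goes unnoticed in normal testing; asserting on the body length of every redirect issued to an unauthenticated request catches it.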