All incidents

Progress Software zero‑day flaw disrupts ShareFile service

vulnerabilityopenJul 13, 2026 — Jul 15, 2026
Progress Software zero‑day flaw disrupts ShareFile service

PROGRESS Software confirmed that a zero‑day vulnerability in its ShareFile Storage Zones Controller caused a service disruption that began on July 13 and led to the temporary shutdown of access for affected customers. The firm said it blocked the service after detecting a credible external security threat and restored access after releasing patched versions. The interruption prevented users from uploading or downloading files through the on‑premises storage component, pushing many organizations to seek workarounds while the investigation unfolded. No official comment was given on whether any data had been accessed before the shutdown.

The flaw is a path traversal bug that lets a user with administrative privileges read or write files outside the intended directory, effectively bypassing the sandbox that normally isolates customer data. By crafting a specially formed request, an attacker could traverse up the file system and access sensitive configuration files, logs or even the underlying operating system.

Progress has not assigned a CVE identifier to the issue, but internal ratings classify it as high severity because of the potential impact on confidentiality and integrity. Exploitation requires a valid admin credential, which limits the attack surface but still represents a significant insider threat.

Progress Software said the vulnerability affects all versions of the Storage Zones Controller released before the patch issued on July 15, meaning any deployment that had not received the update was exposed. The company noted that the flaw could be triggered only after authentication, so attackers would need to compromise an administrator account first, perhaps through phishing or credential stuffing. Once inside, the malicious actor could plant a backdoor or exfiltrate configuration secrets that might aid further lateral movement. The vendor urged customers to verify their build numbers and apply the hotfix without delay.

Despite the outage, Progress has not reported any confirmed data breach or unauthorized access linked to the flaw. The company’s status page shows the incident started on July 13 at 12:32 UTC and lasted until July 15 when service was gradually restored in a phased manner. No threat actors have been named in the public advisories, and investigators have not observed indicators of compromise in the logs they have reviewed so far. Nevertheless, the temporary suspension of the service highlights how a single privileged‑level bug can disrupt critical file‑sharing operations.

Defenders should immediately apply the update provided by Progress and verify that their Storage Zone Controllers are running the patched build. If the component is not required for daily operations, turning it off until the fix is applied reduces exposure while the risk is assessed. Administrators should also review privileged account usage, enforce multi‑factor authentication and look for unusual file system activity in logs that could indicate an attempted traversal. Monitoring network traffic for unexpected outbound connections from the controller can help catch any post‑exploitation behavior.

Keeping software up to date and limiting admin rights remain basic but effective steps to mitigate similar issues. Progress advises customers to monitor its security advisories for any further guidance and to report any anomalous behavior promptly. Staying informed about the evolving threat environment helps organisations anticipate and defend against emerging risks.

Intelligence briefing updated Jul 15, 2026

Root sourcestatus.sharefile.com
Timeline Coverage

Swipe to explore timeline