Emerging Threat: Progress Customers Instructed to Shut Down Storage Zone Controllers

Executive Summary

Beazley Security has been made aware of an emerging threat targeting Progress Software ShareFile.  Progress Software issued an emergency communication via email to customers, urging immediate server shutdown citing a “credible external security threat targeting Progress Software’s ShareFile Storage Zone Controllers.” Progress Software have also reportedly temporarily disabled Storage Zone Controller (SZC) based accounts while the investigation is underway.

At the time of writing, Progress Software have not released any technical details about the threat, or whether a zero-day vulnerability is involved. This warning follows the public April 2026 disclosure of two critical vulnerabilities tracked as CVE-2026-2699 and CVE-2026-2701 which when chained allowed unauthenticated remote code execution on exposed SZC servers.

Progress Software further warns “You must manually shut down the server hosting your Storage Zone Controllers. This is a critical additional step to ensure the safety of your data,” indicating that cloud-side management capabilities or mitigation options are not currently available to protect on-premises SZC deployments.

Given the sensitive nature of data hosted on these systems and confirmed credible threat from Progress Software, Beazley Security recommends following vendor guidance to disable controllers and reduce risk. This is an evolving situation, and Beazley Security will update this advisory as additional details become available.

Affected Systems and Products

The notification from Progress indicates that only the ShareFile Storage Zone Controller product is affected. It appears to affect all versions, as Progress have temporarily disabled all access to the system and instructed clients to shut down the associated on-premises file servers integrated with the ShareFile system.

Mitigations and Workarounds

Progress stated that as a precaution, they have temporarily disabled access to ShareFile accounts using SZCs. However, Progress is instructing customers to manually shut down Windows servers hosting SZCs as a required additional mitigation step.

There have been no additional mitigations provided by the vendor at the time of writing.

Patches

Progress Software have not confirmed whether this threat is related to a specific vulnerability or a zero-day, and no patches have been publicly released at this time.

Technical Details

The ShareFile Storage Zone Controller is an application that allows a client to host files on their own infrastructure but share them with the Progress ShareFile interface.

The email sent to clients indicates they believe the controllers are being targeted in a cyber attack, and that they have disabled ShareFile account access to these controllers in response. Because the system involves file servers hosted by clients, Progress has instructed clients to shut down their associated on-premises file servers as well.

The nature of the underlying weakness or emerging threat has not been publicly disclosed by Progress ShareFile at the time of writing. However, based on the messaging and previous vulnerability research, the attack surface of concern likely centers on on-premises, internet facing SZC deployments.

This is an evolving situation, and Beazley Security will update this advisory as additional details become available.

How Beazley Security is Responding

Beazley Security is monitoring client perimeter devices through our Exposure Management Platform to identify impacted devices and support organizations in remediation of any issues found.

We are also conducting threat hunts across our MDR environment to detect potential exploitation attempts against our clients.

If you believe your organization may have been impacted by this attack campaign and need support, please contact our Incident Response team.

Sources

Aware of an incident impacting your industry? Let us know:

Report an incident