CVE-2026-2699

Published Apr 2, 2026

Last updated 16 days ago

CVSS critical 9.8
Supply chain

Overview

Description
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
Source
security@progress.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@progress.com
CWE-284

Social media

Hype score
Not currently trending

  1. IR/CERT Morning Brief Today’s priorities: alleged mass exploitation of CVE-2025-55182 affecting exposed Next.js hosts, a pre-auth ShareFile RCE chain (CVE-2026-2699 / CVE-2026-2701), and malware delivery following the Claude Code source leak. Also watching Iran-linked cloud

    @Team_D4rkn3ttz

    3 Apr 2026

    334 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    7 Replies

    0 Quotes

Related CVEs

  1. Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.CVE-2026-5735
  2. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  3. Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.CVE-2026-2701
  4. TrueConf Client Download of Code Without Integrity Check VulnerabilityCVE-2026-3502
  5. Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.CVE-2026-4415

References

Sources include official advisories and independent security research.