Progress security advisory (AV26-310)
# Vulnerability: Progress ShareFile Storage Zones Controller Improper Access Control
## CVE Details
*Note: The source advisory summary does not explicitly list a CVE identifier. Based on the linked vendor documentation (February 2026 update), fixes of this kind typically address critical access control or authentication bypass vulnerabilities.*
- **CVE ID:** Pending/Not explicitly stated in source (Associated with February 2026 Security Fix)
- **CVSS Score:** Not specified (Progress typically rates these as Critical/High)
- **CWE:** Likely CWE-284 (Improper Access Control) or CWE-287 (Improper Authentication)
## Affected Systems
- **Products:** Progress ShareFile Storage Zones Controller
- **Versions:**
  - All versions prior to v5.12.4
  - All versions prior to v6.0
- **Configurations:** Systems utilizing customer-managed Storage Zones Controllers.
## Vulnerability Description
The advisory is high-level, but it places the vulnerability within the ShareFile Storage Zones Controller. The flaw could allow an unauthorized actor to bypass security constraints or access sensitive data managed within the storage zone. The advisory indicates a critical need for patching to maintain the integrity of the storage architecture.
## Exploitation
- **Status:** Not specified as "exploited in the wild" in this bulletin, though high-priority patching is advised.
- **Complexity:** Low to Medium (Typical for these advisory types)
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
Progress recommends upgrading to the following versions immediately:
- **ShareFile Storage Zones Controller v5.12.4** (or later)
- **ShareFile Storage Zones Controller v6.x** (or later)
### Workarounds
- No specific workarounds are provided in the advisory. Immediate upgrading is the primary recommended course of action.
## Detection
- **Indicators of compromise:** Monitor web server logs for unusual requests to the Storage Zones Controller endpoints.
- **Detection methods and tools:** Organizations should verify the installed version of their Storage Zones Controller against the recommended patch levels.
## References
- Progress Security Advisory: hxxps[://]docs[.]sharefile[.]com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26
- Canadian Centre for Cyber Security Advisory (AV26-310): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/progress-security-advisory-av26-310