Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers
A “credible external security threat” targeting Progress Software’s ShareFile Storage Zone Controllers (SZC) – the on-premises, customer-managed server components where organizations store files shared via this popular enterprise platform – has spurred the company to disable access to ShareFile accounts that are using them.
The warning was sent to customers via email on July 10, urging them to manually shut down the server that is hosting their Storage Zone Controllers.

The initial email alert from Progress Software
“This is a critical additional step to ensure the safety of your data,” the company said, and promised regular updates on the situation.
Investigation ongoing as access is gradually restored
The ShareFile Status Page still shows the status report from July 10, saying that the company is investigating the issue and that “ShareFile customers with Storage Zone Controllers are not operational at this time.”
A Knowledge Base article published on July 11 says that Progress Software has “no indication of unauthorized access to any Progress ShareFile Accounts or data.”
Participants in an active discussion thread on the Sysadmin subreddit have complained that Progress’s subsequent communications contained no new information.
The company is reportedly starting to restore access to the affected ShareFile accounts, though it’s asking customers to keep their Storage Zone Controllers disabled for the time being.
While Progress is yet to officially confirm the underlying cause of the disruption, theories about it are circulating. Some commenters suggest that attackers may have chained two vulnerabilities (CVE-2026-2699 and CVE-2026-2701) to achieve pre-authentication remote code execution on unpatched on-premises SZC deployments.
The company said it’s working with internal and external cyber security experts to assess the potential threat.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
