ViralTopic

Progress ShareFile pre-auth RCE chain

April 2, 2026watchTowr, The Hacker News

The Hacker News warns of a pre-auth RCE chain in Progress ShareFile combining an auth bypass and RCE, impacting about 30k internet-facing customer-managed instances.

Open in PulseSee the full authority discussion →

QUOTES

publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile

Enjoy the journey with us

Progress ShareFile has a pre-auth RCE chain affecting customer-managed deployments.

CVE-2026-2699 (auth bypass) + CVE-2026-2701 (RCE)

~30k internet-facing instances affected.

CVE-2026-2699 (auth bypass) + CVE-2026-2701 (RCE) let attackers skip login, access admin endpoints, and upload web shells.

~30k internet-facing instances affected. Fixed in 5.12.4.

VOICES

watchTowr

The Hacker News

RELATED TERMS

RCECVEenterprisecverce

OTHER FINDINGS IN VIRAL

European candy truck heists Iran bombing AWS infrastructure in Bahrain claim Windows Defender detecting AI-generated malware

AMYGDALA PULSE

See what authorities are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new authority voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security