Progress Software Urges Businesses to Immediately Shut Down ShareFile Storage Zone Controller Servers Over Credible External Threat
Progress Software has taken the unusual step of asking customers to immediately shut down servers running ShareFile Storage Zone Controller after detecting a credible external threat, underscoring the severity of the situation.
Corporate storage systems are rarely powered down except in cases of serious risk, yet the company has now instructed organizations to manually disable these controllers as an extra layer of protection while it investigates.
Progress Software has temporarily blocked ShareFile accounts that rely on Storage Zone Controller and launched an internal review. These controllers allow organizations to keep data within their own infrastructure or with a third-party provider, giving them full control over storage management rather than depending exclusively on cloud-hosted options.
The company has not revealed the nature of the threat or provided any timeline for lifting the restrictions. At the time of the notification, Progress Software stated it had found no signs of unauthorized access to ShareFile accounts or customer data.
Possible Connection to Recently Patched Vulnerabilities
Some users have suggested the incident may be related to two critical vulnerabilities patched in March: CVE-2026-2699 (CVSS 9.8) and CVE-2026-2701 (CVSS 9.1). Although no official confirmation exists, the combination of these flaws could allow attackers to change controller settings without authentication, upload malicious files, and execute commands on the server.
While the investigation continues, Progress Software recommends that customers manually power off any servers hosting Storage Zone Controller. The company views this shutdown as an additional safeguard until more details become available.