The article provides details about two specific CVEs (CVE-2026-2699 and CVE-2026-2701) related to the vulnerability, including the ability to chain them for pre-authenticated remote code execution.
| Vendor | Product | Versions |
|---|---|---|
| Progress | ShareFile Storage Zones Controller | 0, CVE-2026-2699, CVE-2026-2701, 5.12.3 |
Updated affected versions to include 5.12.3, changed severity to HIGH, noted no exploit available, and set patchAvailable to null.
Updated description with details about CVE-2026-2699 and CVE-2026-2701, and confirmed patch version 5.12.4.
Updated description with details on CVE-2026-2699 and CVE-2026-2701, added affected version 5.12.4, and marked exploit as available and actively exploited.
Updated affected versions to include 5.x, added CVE IDs, and marked the vulnerability as actively exploited with a patch available in version 5.12.4.
Initial creation
