CVE-2026-2701
Published: 02 April 2026
Summary
CVE-2026-2701 is a critical-severity OS Command Injection (CWE-78) vulnerability in Progress Sharefile Storage Zones Controller. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 24.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly mitigates CVE-2026-2701 by applying vendor patches that fix the unrestricted malicious file upload leading to remote code execution.
Information input validation enforces checks on uploaded files to reject dangerous types and content that enable OS command injection and code injection.
Malicious code protection scans and blocks execution of harmful files uploaded via the vulnerability, preventing RCE exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables RCE via unrestricted upload of dangerous files (CWE-434 facilitating T1505.003 Web Shell), OS command injection (CWE-78 mapping to T1059), and exploitation of the remote Storage Zones Controller service (T1210).
NVD Description
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.
Deeper analysisAI
CVE-2026-2701 is a high-severity vulnerability in ShareFile Storage Zones Controller version 5.0 that enables an authenticated user to upload a malicious file to the server and execute it, resulting in remote code execution. Published on 2026-04-02, it is linked to CWE-78 (OS Command Injection), CWE-94 (Code Injection), and CWE-434 (Unrestricted Upload of File with Dangerous Type). The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical impact potential.
Exploitation requires an authenticated attacker with high privileges (PR:H) to access the network remotely (AV:N) under low complexity conditions (AC:L) with no user interaction (UI:N). Upon uploading and executing the malicious file, the attacker achieves remote code execution, granting high-impact access to confidentiality, integrity, and availability (C:H/I:H/A:H) across a changed scope (S:C), which could fully compromise the affected server.
The ShareFile advisory at https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26 provides details on the vulnerability, including recommended mitigations and patches.
Details
- CWE(s)