Critical Vulnerability in ShareFile Exposes Users to Unauthenticated Remote Code Execution


Critical Flaws in ShareFile Collaboration Platform

Security researchers have identified two critical-severity vulnerabilities in the ShareFile content collaboration and file-sharing platform that can be exploited to achieve unauthenticated remote code execution (RCE).

First Bug: Execution After Redirect (EAR)

The first bug, tracked as CVE-2026-2699, is an EAR issue that enables attackers to access configuration pages intended for authenticated administrators.

WatchTowr was able to access an administrative page for Storage Zone configurations, allowing them to configure a Zone to connect to a local network and modify Zone parameters, including the current ShareFile passphrase.

This manipulation enables attackers to exfiltrate sensitive files by configuring the victim Storage Zone Controller to join a malicious Zone, which grants them administrative access to the file storage solution. Additionally, WatchTowr notes that products like ShareFile often allow users to specify the file storage location, making it possible to reconfigure the platform to store uploaded files in a potentially vulnerable location, such as the application’s webroot directory.
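
The general EAR pattern (CWE-698) is shown below as an added Python WSGI example. It is not ShareFile's code or the researchers' proof of concept. The handler names, the `X-Session` header and the page content are assumptions made for illustration: the vulnerable handler sets a redirect but keeps executing, the fixed handler returns immediately, and `leaks_after_redirect` is a regression check that defenders can adapt.

```python
# Added illustration of Execution After Redirect; every name here is hypothetical.
from wsgiref.util import setup_testing_defaults

ADMIN_PAGE = b"<form>zone settings (constructed placeholder)</form>"

def is_admin(environ):
    # Constructed stand-in for a real session check.
    return environ.get("HTTP_X_SESSION") == "admin-session"

def vulnerable_app(environ, start_response):
    headers = [("Content-Type", "text/html")]
    status = "200 OK"
    if not is_admin(environ):
        status = "302 Found"
        headers.append(("Location", "/login"))
        # BUG: no return here, so the handler keeps executing.
    start_response(status, headers)
    return [ADMIN_PAGE]  # admin content is sent along with the redirect

def fixed_app(environ, start_response):
    if not is_admin(environ):
        start_response("302 Found", [("Location", "/login"), ("Content-Length", "0")])
        return []  # stop: nothing after the redirect runs
    start_response("200 OK", [("Content-Type", "text/html")])
    return [ADMIN_PAGE]

def call(app, session=None):
    """Invoke a WSGI app in-process and return (status_code, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = "/admin/config"
    if session:
        environ["HTTP_X_SESSION"] = session
    captured = {}
    def start_response(status, headers):
        captured["status"] = int(status.split()[0])
    body = b"".join(app(environ, start_response))
    return captured["status"], body

def leaks_after_redirect(app):
    """True if an unauthenticated request gets a redirect that still carries a body."""
    status, body = call(app)
    return 300 <= status < 400 and len(body) > 0

if __name__ == "__main__":
    for app in (vulnerable_app, fixed_app):
        print(app.__name__, "leaks after redirect:", leaks_after_redirect(app))
```

A browser follows the `Location` header and never displays the leaked body, which is why this class of bug tends to go unnoticed unless raw responses are inspected.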

Second Bug: Arbitrary File Upload Issue

The second bug, tracked as CVE-2026-2701, is an arbitrary file upload issue that allows attackers to drop a web shell and achieve RCE.

WatchTowr successfully chained these two vulnerabilities to demonstrate unauthenticated RCE on a vulnerable ShareFile instance.

Both issues were reported to ShareFile in early February and were addressed in version 5.12.4 of the platform. Versions 6.x are not affected by these vulnerabilities.

Importance of Regular Software Updates and Patch Management Practices

The discovery of these flaws highlights the importance of regular software updates and patch management practices to prevent exploitation of known vulnerabilities.

  • Users and administrators are advised to update their ShareFile instances to the latest version to mitigate potential risks.


