Critical Vulnerability in ShareFile Exposes Users to Unauthenticated Remote Code Execution
Critical Flaws in ShareFile Collaboration Platform
Security researchers have identified two critical-severity vulnerabilities in the ShareFile content collaboration and file-sharing platform that can be exploited to achieve unauthenticated remote code execution (RCE).
First Bug: Execution After Redirect (EAR)
The first bug, tracked as CVE-2026-2699, is an EAR issue that enables attackers to access configuration pages intended for authenticated administrators.
Reaching those pages lets attackers exfiltrate sensitive files by configuring the victim Storage Zone Controller to join a malicious Zone, which grants them administrative access to the file storage solution. Additionally, watchTowr notes that products like ShareFile often allow users to specify the file storage location, making it possible to reconfigure the platform to store uploaded files in a potentially vulnerable location, such as the application's webroot directory.
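To make the bug class concrete, here is an added illustration of the Execution After Redirect pattern, not ShareFile's code or watchTowr's: a framework-free request/response model in which the vulnerable handler sets a 302 redirect to the login page but keeps executing and still renders the protected configuration, while the fixed handler returns immediately. The `Request`, `Response`, and `SENSITIVE_CONFIG` names are constructed for the example.

```python
"""Execution After Redirect (EAR): vulnerable handler beside its fix.

Added illustration with a minimal request/response model so it runs
stand-alone; the class and field names are constructed, not ShareFile's.
"""
from dataclasses import dataclass, field


@dataclass
class Request:
    path: str
    authenticated: bool = False  # constructed: a real app derives this from a session


@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""


# Constructed sample of what an admin-only configuration page would render.
SENSITIVE_CONFIG = "storage_zone=<placeholder-zone-id>; zone_secret=<placeholder-secret>"


def redirect(resp: Response, location: str) -> None:
    """Mark the response as a redirect; it does NOT stop the caller."""
    resp.status = 302
    resp.headers["Location"] = location


def admin_config_vulnerable(req: Request) -> Response:
    """EAR defect: the redirect is set, but execution falls through and the
    protected page body is attached to the 302 anyway."""
    resp = Response()
    if not req.authenticated:
        redirect(resp, "/login")
        # Missing 'return resp' here is the whole bug.
    resp.body = SENSITIVE_CONFIG
    return resp


def admin_config_fixed(req: Request) -> Response:
    """Hardened form: the auth check terminates the handler."""
    resp = Response()
    if not req.authenticated:
        redirect(resp, "/login")
        return resp
    resp.body = SENSITIVE_CONFIG
    return resp


def leaks_after_redirect(handler) -> bool:
    """Defensive check usable in a test suite: an unauthenticated request to
    an admin route must never yield a redirect that also carries a body."""
    resp = handler(Request("/admin/config", authenticated=False))
    return resp.status == 302 and bool(resp.body)


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_after_redirect(admin_config_vulnerable))  # True
    print("fixed leaks:", leaks_after_redirect(admin_config_fixed))            # False
```

The `leaks_after_redirect` check is the part worth keeping: a browser that follows the redirect hides the body, which is why EAR bugs survive manual testing, but an integration test that asserts on the raw response catches the fall-through.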
Second Bug: Arbitrary File Upload Issue
The second bug, tracked as CVE-2026-2701, is an arbitrary file upload issue that allows attackers to drop a web shell and achieve RCE.
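The mitigation side of both findings above (a storage location that may be redirected into the webroot, and an upload that becomes a web shell) comes down to two checks. This added example, not ShareFile's code, shows them: a configured storage directory is accepted only if it resolves strictly outside the web root, and uploaded file names are stripped of directory components and refused if the server would execute them. `WEBROOT` and the extension list are assumptions for the example (an IIS/.NET-style deny list); adjust them to the stack actually deployed.

```python
"""Hardening checks for an upload-storage setting and for uploaded names.

Added illustration, not ShareFile's code; the web root path and the
executable-extension list are hypothetical and should be taken from the
real server configuration.
"""
import os

WEBROOT = "/var/www/app/webroot"  # hypothetical; in practice read from server config

# Extensions the web server would execute if a file with them were reachable
# under the web root (assumed IIS/.NET-style stack; extend for your server).
EXECUTABLE_EXTENSIONS = {
    ".aspx", ".ashx", ".asmx", ".asp", ".cshtml", ".config",
    ".php", ".jsp", ".jspx",
}


def storage_location_allowed(candidate: str, webroot: str = WEBROOT) -> bool:
    """Accept a storage directory only if it resolves outside the web root.

    realpath() collapses '..' segments and follows any symlinks that exist,
    so '<webroot>/../webroot/uploads' or a symlink into the web root is
    still rejected; the web root itself is rejected too.
    """
    root = os.path.realpath(webroot)
    target = os.path.realpath(candidate)
    return os.path.commonpath([root, target]) != root


def safe_upload_name(user_supplied: str):
    """Reduce an upload name to a bare file name and refuse executable types.

    Returns the sanitised name, or None if the upload must be rejected.
    """
    # Normalise Windows separators so basename() strips both kinds.
    name = os.path.basename(user_supplied.replace("\\", "/"))
    if not name or name.startswith("."):
        return None
    ext = os.path.splitext(name)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return None
    return name


if __name__ == "__main__":
    for path in ("/srv/sharefile-data", "/var/www/app/webroot/uploads"):
        print(path, "->", "allowed" if storage_location_allowed(path) else "rejected")
    for name in ("report.pdf", "../../shell.aspx"):
        print(repr(name), "->", safe_upload_name(name))
```

The extension deny-list is a floor, not the control: a double extension or a server handler mapping you did not anticipate will slip past it, so the storage tree should additionally be configured so the web server never executes anything from it and serves uploads with a fixed, non-executable content type.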
Both issues were reported to ShareFile in early February and were addressed in version 5.12.4 of the platform. Versions 6.x are not affected by these vulnerabilities.
Importance of Regular Software Updates and Patch Management Practices
The discovery of these flaws highlights the importance of regular software updates and patch management practices to prevent exploitation of known vulnerabilities.
- Users and administrators are advised to update their ShareFile instances to the latest version to mitigate potential risks.
