After a four-day security suspension, Progress has restored access to its ShareFile Storage Zones Controller.
ShareFile is Progress’ flagship enterprise file-sharing service and Storage Zones Controller provides ShareFile customers with private data storage.
Progress Software detected “a credible external security threat” on July 10 that prompted the company to temporarily suspend the service. The service was resumed on July 14.
The company confirmed to Infosecurity that the incident was the result of the exploitation of a high severity path traversal vulnerability affecting Storage Zones Controller versions 5.x and 6.x.
“We developed and released patched versions to customers and once patched, these customers’ Storage Zones Controllers will be operational,” the company told Infosecurity.
The latest version of Storage Zones Controller that includes the patch for this vulnerability are 5.12.5 and 6.0.2.
However, Progress did not disclose the common vulnerabilities and exposures (CVE) identifier. The company told BleepingComputer it is waiting to publish the CVE in order to give customers time to patch before details become public and available to potential threat actors.
“At this time, we have no evidence of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat,” they told Infosecurity.
Progress has a history of security incidents, including the 2023 breach of its MOVEit Transfer product which was exploited in widespread ransomware attacks. A critical vulnerability in MOVEit Automation was was reported in April 2026 that led to further disruptions.
Image credit: Piotr Swat / Shutterstock.com
