At a glance: Progress Software has instructed organizations using ShareFile Storage Zone Controllers to immediately shut down affected servers after identifying a credible external security threat, while temporarily disabling access to connected accounts during its investigation. Progress has not disclosed the nature of the threat, whether a zero-day is involved, or whether any organizations have been compromised, and no CVE has been associated with the incident. Organizations relying on Storage Zone Controllers for file-sharing operations may face service disruptions while affected systems remain unavailable and further guidance emerges from the vendor.
Threat summary
On July 10, 2026, Progress Software instructed customers using ShareFile Storage Zone Controllers to immediately shut down the Windows servers hosting those systems after identifying what it described as a "credible external security threat."
At the same time, the company temporarily disabled access to affected ShareFile accounts connected to Storage Zone Controllers while it investigated the issue with internal and external cybersecurity experts.
Progress stated that it had no indication of unauthorized access to ShareFile accounts or customer data at the time of notification. Later that day, at 12:12 EDT, Progress reported that the incident remained under investigation.
The notification applies to organizations running ShareFile Storage Zone Controllers, an on-premises component that allows files to remain within customer-managed infrastructure while using ShareFile cloud services for authentication, administration, sharing, and collaboration. Because these systems facilitate file transfers between customer storage and the ShareFile platform, they are commonly internet-accessible. Progress has not indicated that cloud-only ShareFile environments are affected.
As of July 10, Progress has not disclosed the nature of the threat, whether a vulnerability is involved, or whether any organizations had been compromised. No CVE identifier has been associated with the incident, and no technical indicators or threat details have been released. The directive to shut down affected servers, rather than apply a patch or configuration change, indicates that no publicly available remediation was available at the time of disclosure.
The incident follows a period of security scrutiny involving ShareFile Storage Zone Controllers. In April 2026, Progress released fixes for CVE-2026-2699 and CVE-2026-2701, two critical vulnerabilities affecting the 5.x product line. Progress has not disclosed whether the current incident is related to those vulnerabilities or to any previously reported security issue.
Analysis
ShareFile Storage Zone Controllers are internet-accessible systems that manage file transfers between customer-managed storage repositories and ShareFile cloud services. Because they sit between external users and enterprise data stores, they represent a potential pathway to sensitive organizational data if compromised.
At this time, Progress has not disclosed the nature of the threat, whether a vulnerability is involved, or whether any customer environments have been affected.
For organizations using Storage Zone Controllers, the immediate concern is maintaining the availability and security of file-sharing services while Progress continues its investigation.
Progress has already disabled access to ShareFile accounts using Storage Zone Controllers and has instructed customers to manually shut down the associated Windows servers, stating that this additional step is necessary to protect customer data.
As a result, organizations may experience disruptions to file access and related business operations until further details emerge. Security and IT teams should monitor communications from Progress for updates on the investigation, recovery procedures, indicators of compromise, and remediation guidance.
While no technical details have been released, organizations can use this period to prepare for potential remediation and investigation activities. Recommended actions include preserving system, application, and web server logs; reviewing recent administrative activity involving Storage Zone Controllers; identifying internet-exposed instances; and documenting current configurations to support future recovery efforts.
Reviewing Storage Zone Controller web directories and storage locations for unexpected files, unauthorized changes, or other anomalies may also help identify signs of suspicious activity if additional indicators become available.