Summary
- ShareFile Storage Zone Controller users were told to shut down affected Windows servers.
- Progress reportedly said it had no indication of unauthorised access to ShareFile accounts or data.
- The incident highlights availability and supplier-disclosure risks in hybrid file-sharing infrastructure.
Progress Software has told ShareFile customers using Storage Zone Controllers to shut down affected Windows servers while it investigates what it described to customers as a credible external security threat.
The issue concerns ShareFile Storage Zone Controllers, the on-premises components used by some organisations to keep files in customer-managed storage while using ShareFile services for sharing, management, and access. ShareFile documentation describes the controller as a way to host private storage, provide secure access to SharePoint and network file shares, and support data sovereignty or performance requirements by locating storage close to users.
Public reporting says Progress temporarily disabled access to affected ShareFile accounts and instructed customers to manually shut down the servers hosting Storage Zone Controllers. A Knowledge Base article reportedly said the company had no indication of unauthorised access to ShareFile accounts or data, while affected customers were told to keep controllers disabled as the investigation continued.
The company has not publicly disclosed the nature of the underlying threat, whether a vulnerability is involved, whether exploitation occurred, or which versions are implicated. A forced shutdown can protect data while an investigation is under way, but it also removes availability from a file-sharing service that may be used for legal, financial, healthcare, project, or customer communications.
Storage Zone Controllers sit between cloud service management and customer-controlled storage. Hybrid architectures are often chosen for compliance, data location, or legacy integration reasons, but they can create operational complexity. The component may need internet exposure, integration with identity systems, access to internal file shares, and coordination between customer administrators and the vendor’s cloud service.
The incident follows earlier security scrutiny of ShareFile Storage Zones Controller 5.x. Progress documentation says critical vulnerabilities disclosed in February 2026, CVE-2026-2699 and CVE-2026-2701, affected customer-managed v5 deployments and could allow unauthenticated access to configuration pages, potentially leading to configuration changes and remote code execution. Progress said at that time it had not received reports of exploitation of those vulnerabilities and recommended upgrading to v5.12.4 or any v6 version.
Progress has not linked the current security threat to those earlier flaws, so the two should not be treated as the same event without further evidence. The connection still shows how quickly on-premises components in cloud-adjacent services can become a governance problem. Customers need to know version exposure, patch status, internet reachability, logs, backups, and recovery options before a vendor issues an emergency shutdown instruction.
Supplier disclosure also shapes the response. During fast-moving incidents, vendors may withhold technical detail because the investigation is incomplete or because disclosure could increase risk. Customers still need enough information to make availability, legal, regulatory, and continuity decisions. A severe instruction to power down systems creates pressure on incident-response teams that must brief executives, assess data exposure, maintain services, and prepare regulator or customer communications.
Hybrid file-sharing infrastructure deserves the same resilience scrutiny as VPNs, identity providers, and managed transfer systems. It handles sensitive documents, crosses trust boundaries, and often supports business-critical workflows. When a vendor tells customers to take it offline, the exposure extends into supplier confidence, continuity planning, and the concentration of operational risk in components that may not have been visible at board level before the incident.




