Progress warns ShareFile Users: shut down on-premises servers immediately
A temporary lockdown has been implemented on ShareFile accounts using on-premises storage. However, Progress warns that it’s not enough and is urging admins to take immediate action.

Image by Cybernews.
- Progress Software has implemented a temporary lockdown on ShareFile accounts using Storage Zone Controllers.
- Administrators are urged to manually shut down servers hosting these controllers immediately as a precautionary measure.
- The directive follows a "credible external security threat" targeting the Storage Zone Controller software.
Progress Software late Friday evening sent emails urging admins to shut down on-premises ShareFile Storage Zone Controllers servers due to a likely exploitation by threat actors.
The company has implemented a two-step lockdown on ShareFile accounts using Storage Zone Controllers. Progress itself temporarily disabled these accounts and also alerted ShareFile customers to immediately pull the plugs on Storage Zone Controllers “out of an abundance of caution.”
“We have reason to believe there is a credible external security threat targeting Progress Software’s ShareFile Storage Zone Controllers,” a Progress email, shared by one of admins on Reddit, reads.
“IMMEDIATE ACTION REQUIRED: You must manually shut down the server hosting your Storage Zone Controllers. This is a critical additional step to ensure the safety of your data.”
According to the ShareFile Status page, the customers with these controllers have remained non-operational since July 10th, 2026, 12:12 EDT.
ShareFile is Progress’s cloud platform for sharing, storing, and managing files. Storage Zone Controller is an optional on-premises Windows solution that enables companies to keep files on their own storage rather than the cloud while using ShareFile for logins and sharing.
Progress Software is an infrastructure and application-development software company known for its developer and IT infrastructure tools, including MOVEit, Telerik, Chef, ShareFile, and others.
Members of the r/sysadmin community noted that the emails were sent to all licensed users, not just admins.
The Storage Zone Controller (SZC) brokers file uploads and downloads between the cloud and local storage, and the software is normally internet-facing, making it an attractive target.
However, the company didn’t provide any details on the issue – whether it is a zero-day vulnerability or who might be behind it. It doesn’t seem to affect cloud-only ShareFile accounts.
“We are currently investigating this issue,” the status page reads.
The email previously stated that the company has “no indication of unauthorized access to any Progress ShareFile accounts or data,” and that the update would be sent in 24 hours.
Scans by ShadowserverFoundation, a nonprofit organization, found a few hundred exposed ShareFile instances worldwide; most (115) are in the US, followed by 47 in Germany and 17 in the Netherlands.
The organization started tracking the instances following the disclosure of two critical vulnerabilities affecting the Customer Managed ShareFile Storage Zones Controller earlier this year.
The 9.8 out of 10 bug allowed an unauthenticated attacker to access restricted configuration pages, leading to changing system configuration and potential remote code execution. The second vulnerability allowed authenticated users to upload a malicious file to the server and execute it, resulting in remote code execution. Progress patched the bugs in February.
Progress’s software has been at the epicenter of major exploits in the past, including a critical security vulnerability in MOVEit that enabled Cl0p ransomware to compromise hundreds of companies in 2023.