PROBABLYPWNED
VulnerabilitiesJuly 12, 20263 min read

Progress Orders ShareFile Storage Zone Shutdown Over Security Threat

Progress Software tells ShareFile customers to immediately shut down Storage Zone Controllers due to a credible security threat. The company disabled affected accounts while investigating.

Marcus Chen

Progress Software ordered ShareFile Storage Zone Controller customers to immediately shut down their Windows servers on July 10, citing a "credible external security threat." The company took the unusual step of temporarily disabling affected customer accounts as a precautionary measure while investigating.

The incident became public after a customer posted Progress's notification email to Reddit's r/sysadmin community. By early afternoon, Progress had updated its status page to confirm "Storage Zone Controller customers are not operational" with the incident listed as under investigation.

Emergency Shutdown Requirements

Storage Zone Controllers are edge servers that organizations deploy to handle file transfers locally rather than routing everything through ShareFile's cloud infrastructure. These controllers remain internet-accessible by design, making them attractive targets for attackers.

Progress issued specific guidance for affected customers:

  1. Follow the shutdown order immediately and keep controllers offline
  2. Confirm your version is current (5.12.4 or later on the 5.x line, or any 6.x release)
  3. Do not restart servers without explicit Progress authorization
  4. If internet-accessible, treat the server as a potential incident site and preserve all logs
  5. Check for unfamiliar .aspx files in web folders and storage paths

The requirement to keep systems completely offline, rather than simply applying a patch, suggests either an unpatched zero-day vulnerability or a threat requiring total isolation rather than remediation.

History of ShareFile Security Issues

This isn't the first time Progress has faced critical security concerns with ShareFile infrastructure. CVE-2023-24489 was an unauthenticated flaw in Storage Zone Controller actively exploited in 2023. Two additional critical vulnerabilities were disclosed in April 2026 and patched in March, though Progress has not connected these to the current threat.

Progress Software also dealt with significant security incidents in its MOVEit Transfer product in 2023, when the Cl0p ransomware operation exploited zero-day vulnerabilities to breach hundreds of organizations worldwide.

Standard Cloud ShareFile Users Unaffected

Organizations using ShareFile's standard cloud-only deployment are not affected by this shutdown order. The security threat applies specifically to customers who deployed Storage Zone Controllers to maintain local control over file storage.

For enterprises that rely on these controllers for compliance or performance reasons, the forced outage creates operational challenges. Progress has not provided a timeline for when customers can safely restore service.

What This Means for File Sharing Security

The ShareFile incident highlights ongoing risks with on-premises components of hybrid cloud services. Edge servers that maintain internet connectivity for legitimate business purposes also expand the attack surface compared to pure cloud deployments.

Organizations using any self-hosted file transfer infrastructure should verify their patch levels and review access logs for suspicious activity. For broader guidance on securing enterprise systems, see our online safety tips covering network security fundamentals.

We'll update this article as Progress releases additional information about the nature of the threat and remediation timeline.

Related Articles