Press TechRound interviews Secure.com CEO on the future of AI security
Read

Progress Orders ShareFile Storage Zone Controller Shutdown Over Credible Threat

Progress told ShareFile customers to shut down Storage Zone Controllers now, citing a credible threat with no patch or details released.

Dateline: July 13, 2026

No Patch, Just a Shutdown Order: Inside the ShareFile Storage Zone Threat

Progress Software just told a chunk of its customers to walk over to a server rack and pull the plug. Not patch it. Not restart it. Shut it down. That is not a sentence security teams hear often, and when they do, it usually means something serious is happening in the background.

What Happened

The order landed on July 10 in an email titled Service Disruption, Immediate Action Required. It went to every organization running a ShareFile Storage Zone Controller, the on premises Windows server that lets companies keep files on their own storage while still using ShareFile’s cloud for sharing and access control. Progress says it is responding to a credible external security threat. It also says it has no indication of unauthorized access to accounts or data so far.

Here is the part worth sitting with. Progress did not say patch this. It said power it off. That is usually what a vendor tells you when there is no fix ready yet, only a threat it is racing to contain. The company disabled cloud access to affected accounts on its own side and then went a step further, instructing customers to physically shut down the underlying servers too, which tells you the cloud side block alone was not considered enough.

Storage Zone Controllers exist specifically to sit at the edge of a network, reachable from the internet, because that is how ShareFile’s cloud routes upload and download requests to them. That same design that makes them useful also makes them a magnet. This is not the first time this exact category of software has been in this position. 

In 2023, under Citrix ownership, the same Storage Zones Controller had an unauthenticated flaw, CVE-2023-24489, that CISA confirmed was under active attack. Citrix’s response then looked a lot like Progress’s now: cut access first, explain later. 

More recently, in April 2026, researchers at watchTowr Labs disclosed two chainable bugs in the 5.x line, an authentication bypass and a remote code execution flaw, both patched by March. Progress has not tied the current shutdown to either of those, and neither has been reported as exploited, so this looks like a separate, unnamed issue.

The Impact

Any organization still running an on premises Storage Zone Controller is affected. Cloud only ShareFile accounts are untouched. For the rest, the file sharing service is down until Progress says otherwise, and that service outage is really the smaller problem. 

The bigger one is what an internet facing file server sitting exposed for who knows how long could mean if it turns out the threat already got in. These controllers often carry contracts, financial records, healthcare files, anything an organization needed to keep off the public cloud in the first place.

Indicators of Compromise

No CVE, exploit sample, or technical indicator has been published for this specific threat as of this writing, and Progress has been explicit that it has not confirmed compromise. Based on the prior 2023 and 2026 incidents in this same product line, the standard checks worth running are:

  • Unfamiliar .aspx files in the web folders and storage paths of the controller
  • Windows, IIS, and ShareFile logs showing requests to the controller in the days before the shutdown
  • Any storage paths on the server that were not created by your own team

How to Avoid This

Shut the affected servers down now if you have not already, and do not treat the shutdown as optional or wait for a maintenance window. Confirm your version is 5.12.4 or later, or on the 6.x line, since that closes the flaws fixed earlier this year, though Progress has been clear that being current does not mean this new threat is covered. 

Preserve your Windows, IIS, and ShareFile logs before anyone touches the server again. Check the web folders and storage paths for .aspx files that should not be there. Watch for further word from Progress, because right now the company has confirmed the threat is real without saying what it actually is.

Why an Exposed Edge Server Turns Into a Bigger Problem Fast

An internet facing file server holding sensitive documents is exactly the kind of asset that stays invisible until a vendor emails you at midnight.

  • Maps every internet facing asset automatically, so a Storage Zone Controller or anything like it never sits unaccounted for
  • Flags exposed edge systems before a vendor forces the conversation, not after
  • Shows the blast radius if a server like this were compromised, including which downstream systems and data it can reach
  • Builds a documented incident timeline the moment a vendor alert like this one comes in, so the response is not starting from scratch
  • Keeps a human in the loop for anything touching a critical system, so a shutdown order does not turn into a guessing game about what else is connected