CVE-2026-2699 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 2, 2026
Customer Managed ShareFile Storage Zones Controller - Authentication Bypass
Published: April 2, 2026Updated: April 2, 2026PoC AvailableRemote Exploitable
Overview
Customer Managed ShareFile Storage Zones Controller contains an authentication bypass caused by unauthenticated access to restricted configuration pages, letting unauthenticated attackers change system configuration and potentially execute remote code.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can change system configuration and potentially execute remote code, leading to full system compromise.
Mitigation
Update to the latest version of Customer Managed ShareFile Storage Zones Controller.
References
Related Resources
Details
- CVE ID
- CVE-2026-2699
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_access_control
- Status
- new
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H