Cyber Security

Progress Tells ShareFile Customers to Turn Off Storage Location Controls Over Security Threat

ISwati KhandelwalJuly 10, 2026Business Security / Security Incident

Progress Software told ShareFile customers to shut down Windows servers running its Storage Space Controllers, ensuring that Hacker News that it responds to a “credible external security threat.”

The company temporarily disabled access to the affected accounts, a step it said it took “out of an abundance of caution” while working with internal and external security experts.

It says it has no indication of unauthorized access to any ShareFile accounts or data, and that it notified customers after learning of the threat.

What Development cannot say is what the threat is or who is causing it.

The order became public when a customer emailed the company on Reddit’s r/sysadmin on July 10. Progress confirmed the outage on its status page, listing Storage Space Management customers as “out of service” and the incident was still under investigation as of 12:12 pm EDT update.

Only Storage Manager is affected, not just standard ShareFile cloud accounts. The controller is a self-hosted server, so files can reside on its own storage while still using the ShareFile cloud to share and manage them.

The controller usually resides at the edge of the network, accessible from the Internet. That exposure makes it useful and targeted. Ordering customers to take you fully offline, rather than simply patching, is a significant step.

That choice in itself is telling. If a fix for this threat was available, progress would be telling customers to use it; the shutdown order suggests that it is not currently available. That usually means a newly discovered bug that the company is scrambling to patch, although the same step can equate to a threat that a patch won’t address, such as stolen keys or a problem on Progress’s part.

Its statement that no accounts or data were accessed is careful wording, too, and doesn’t abdicate the problem to the administrators themselves.

What you have to do now

  1. Follow the shutdown order first. Keep affected controllers offline until Progress says what the threat is and when it’s safe to restart.
  2. Separately, make sure your version is current: 5.12.4 or later on the 5.x line, or 6.x release. That covers bugs fixed earlier this year, but Progress hasn’t said it removes the existing threat, so don’t take it as a license to reboot.
  3. If the controller is accessible online, treat it as a potential incident. Save the logs and start your incident response process, and check for unusual .aspx files in the web folders and storage paths you didn’t stop. A server that looks clean is not proof that it is clean.

ShareFile has experienced this before. In 2023, while the product was still owned by Citrix, attackers exploited an unauthorized vulnerability in the Storage Areas controller (CVE-2023-24489).

CISA marked it as actively exploited, and Citrix cut the unpublished controls from the ShareFile cloud, the same access block Progress is now in place.

Progress, which discovered ShareFile in 2024, had already resisted an attack on the transfer of many files: MOVEit, which was exploited in 2023 by the Cop group and attacked more than 2,700 organizations.

Storage Manager also had two critical flaws that watchTowr disclosed in April and progress patched in March, although the company has not linked the current threat to them, and it has never been reported as an exploit.

A key question remains unanswered: Progress has taken these systems offline and is working with outside experts, but it hasn’t said what the threat is or when customers can safely bring them back online.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button