New Progress ShareFile Flaws Enable Pre-Auth RCE and File Exfiltration

Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to achieve pre-authentication remote code execution (RCE) and unauthenticated file exfiltration from affected environments. The flaws were identified by security researchers at Assetnote, who reported them to Progress Software. No specific CVE IDs, patch release dates, or affected version ranges were disclosed in the report. The vulnerabilities enable attackers to bypass authentication and extract sensitive files without requiring valid credentials. Progress ShareFile is widely used by organizations for secure file storage and sharing. The full technical details of the exploit chain remain undisclosed to prevent immediate exploitation.