watchTowr🫡 We’re back.
Today, we’re publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile.
Enjoy the journey with us, while you sob into your hands 🫠
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701)
If you squint and look at the CISA KEV list, you might think it's made up exclusively of vulnerabilities in file transfer solutions. While this would be wrong (and you shouldn’t squint, it’s bad for your eyes), file transfer solutions do play a decent role in the CISA
cR0w 🏴☠️