LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-2701

CVE-2026-2701 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 3, 2026

Unspecified Product - Remote Code Execution

Published: April 2, 2026Updated: April 3, 2026Remote Exploitable

Overview

An unspecified product contains an unrestricted file upload vulnerability caused by allowing authenticated users to upload and execute malicious files, letting attackers achieve remote code execution, exploit requires user authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 19.0%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers can upload and execute malicious files, leading to remote code execution and full system compromise.

Mitigation

Update to the latest version or apply vendor patches to restrict file upload and execution.

References

Social Media Activity(2 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 5, 2026

šŸ”“ CVE-2026-2701 - Critical (9.1) Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-2701/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
BeyondMachines :verified:
BeyondMachines :verified:
@beyondmachines1
Apr 4, 2026

Progress Software Patches Critical RCE Chain in ShareFile Storage Zones Controller Progress Software patched two critical vulnerabilities (CVE-2026-2699 and CVE-2026-2701) in ShareFile Storage Zones Controller that allow unauthenticated attackers to bypass authentication and execute remote code. **If you manage your own ShareFile storage zones, update to version 5.12.4 or move to version 6 to prevent full system takeover. File transfer tools are high-value targets for ransomware groups, so treat this patch as a top priority. If you can't patch, isolate the instances until they are patched. General isolation doesn't work since these systems are designed to be accessible from the public internet.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/progress-software-patches-critical-rce-chain-in-sharefile-storage-zones-controller-6-f-a-f-n/gD2P6Ple2L

View original post

Related Resources

Details

CVE ID
CVE-2026-2701
Severity
Critical
CVSS Score
9.1
Type
unrestricted_file_upload
Status
unconfirmed
EPSS
19.0%
Social Posts
2

CWE

  • CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

19.0%Probability of exploitation in the next 30 days