Security researchers discovered a pre-authenticated Remote Code Execution (RCE) chain in Progress ShareFile Storage Zone Controller. By chaining an Execution After Redirect (EAR) authentication bypass (CVE-2026-2699) with an arbitrary file upload vulnerability (CVE-2026-2701), attackers can reconfigure the storage repository to the webroot and extract an ASPX webshell, achieving full system compromise.