CVE-2026-2251

Critical CVSS: 9.8

Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE.
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.

Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads

https://www.support.xerox.com/en-us/product/core/downloads

Vendor

Xerox

Product

Freeflow Core

CWE

CWE-22

Yayın Tarihi

2026-02-27 09:16:16

Güncelleme

2026-03-02 18:24:15

Source Identifier

10b61619-3869-496c-8a1e-f291b0e71e3f

KEV Date Added

Kategoriler

CWE-22 Freeflow Core CRITICAL Xerox 2026

Referanslar

https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-026-005-for-Xerox-Freeflow-Core.pdf

Benzer Kayıtlar

High

CVE-2026-2252

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via craft…

Medium

CVE-2026-1769

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox Centr…

Critical

CVE-2025-8356

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized file…

High

CVE-2025-8355

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker…

Medium

CVE-2024-55931

Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is…

Medium

CVE-2024-55928

Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows atta…