CVE-2026-26336

High CVSS: 8.7

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.

Vendor

Hyland

Product

Alfresco Content Services

CWE

CWE-863

Yayın Tarihi

2026-02-19 17:24:50

Güncelleme

2026-03-03 16:37:14

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-863 Alfresco Content Services HIGH Hyland 2026

Referanslar

https://connect.hyland.com/t5/alfresco-blog/cve-2026-26336-unauthenticated-arbitrary-file-read-in-alfresco/ba-p/496550 https://www.hyland.com/en/solutions/products/alfresco-platform https://www.vulncheck.com/advisories/hyland-alfresco-improper-authorization-arbitrary-file-read

Benzer Kayıtlar

Critical

CVE-2026-26339

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the arg…

High

CVE-2026-26337

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-s…

Medium

CVE-2026-26338

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) th…