CVE-2026-26337

High CVSS: 8.8

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.

Vendor

Hyland

Product

Alfresco Transform Service

CWE

CWE-36

Yayın Tarihi

2026-02-19 18:24:59

Güncelleme

2026-03-02 22:03:57

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-36 Alfresco Transform Service HIGH Hyland 2026

Referanslar

https://connect.hyland.com/t5/alfresco-blog/security-update-cve-2026-26337-cve-2026-26338-cve-2026-26339/ba-p/496551 https://www.hyland.com/en/solutions/products/alfresco-platform https://www.vulncheck.com/advisories/hyland-alfresco-transformation-service-absolute-path-traversal-arbitrary-file-read-and-ssrf

Benzer Kayıtlar

Critical

CVE-2026-26339

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the arg…

Medium

CVE-2026-26338

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) th…

High

CVE-2026-26336

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via t…