CVE-2026-26337

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N                                    

Vulnerability Description

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.

Vulnerability Details

Published Date

February 19, 2026

Last Modified

February 20, 2026

CWE ID

CWE-36

Source

NVD

Vendor

Hyland

Product

Alfresco Transformation Service (Enterprise), Alfresco Community (Transform Core)

External References

https://www.hyland.com/en/solutions/products/alfresco-platform
https://www.vulncheck.com/advisories/hyland-alfresco-transformation-service-absolute-path-traversal-arbitrary-file-read-and-ssrf

CVE-2026-26337

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment