PT-2026-22315 · Xerox · Xerox FreeFlow Core
Published: 2026-02-27 · Updated: 2026-03-04 · CVE-2026-2252
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Xerox FreeFlow Core versions up to and including 8.0.7
Description
An XML External Entity (XXE) issue allows a malicious user to perform Server-Side Request Forgery (SSRF) by submitting specially crafted XML input that includes malicious external entity references. When the server processes that input, the attacker can potentially cause it to make requests to internal or external resources on the attacker's behalf.
Recommendations
Upgrade to Xerox FreeFlow Core version 8.1.0.
Fix
XXE
SSRF
Affected Products
Xerox FreeFlow Core