Filtered by vendor Hyland
Subscriptions
Filtered by product Alfresco Community
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26336 | 1 Hyland | 2 Alfresco Community, Alfresco Enterprise | 2026-02-20 | 7.5 High |
| Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files. | ||||
| CVE-2026-26337 | 1 Hyland | 2 Alfresco Community, Alfresco Transformation Service | 2026-02-20 | 8.2 High |
| Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal. | ||||
| CVE-2026-26338 | 1 Hyland | 2 Alfresco Community, Alfresco Transformation Service | 2026-02-20 | 6.5 Medium |
| Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality. | ||||
| CVE-2026-26339 | 1 Hyland | 2 Alfresco Community, Alfresco Transformation Service | 2026-02-20 | 9.8 Critical |
| Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality. | ||||
Page 1 of 1.