CVE-2026-2252

Published Feb 27, 2026

Last updated 15 days ago

CVSS high 7.5

Overview

Description: An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
Source: 10b61619-3869-496c-8a1e-f291b0e71e3f
NVD status: Analyzed
Products: freeflow_core

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

10b61619-3869-496c-8a1e-f291b0e71e3f: CWE-611

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xerox:freeflow_core:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BB016BFC-2C5B-4CFA-BC3C-B5A9DBF893F1",
            "versionEndExcluding": "8.1.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References