HIGHCVE-2026-2252Published 2026-02-27Modified 2026-03-06CNA Xerox

CVE-2026-2252: XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF)

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Xerox / FreeFlow Core
≤ 8.0.7

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

securitydocs.business.xerox.com

Metrics