Hyland Alfresco Community vulnerabilities
4 known vulnerabilities affecting hyland/alfresco_community.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2
Vulnerabilities
Page 1 of 1
CVE-2026-26339P2CRITICALCVSS 9.8fixed in 5.2.42026-02-19
CVE-2026-26339 [CRITICAL] CWE-918 CVE-2026-26339: Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execu
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
nvd
CVE-2026-26338P3CRITICALCVSS 9.8fixed in 5.3.02026-02-19
CVE-2026-26338 [CRITICAL] CWE-918 CVE-2026-26338: Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side reque
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality.
nvd
CVE-2026-26337P3HIGHCVSS 8.2fixed in 5.3.02026-02-19
CVE-2026-26337 [HIGH] CWE-36 CVE-2026-26337: Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary fi
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
nvd
CVE-2026-26336P3HIGHCVSS 7.5fixed in 25.3.02026-02-19
CVE-2026-26336 [HIGH] CWE-863 CVE-2026-26336: Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
nvd