CVE-2026-2251 | THREATINT

Description

Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads

PUBLISHED Reserved 2026-02-09 | Published 2026-02-27 | Updated 2026-03-03 | Assigner Xerox

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

Any version

affected

References

securitydocs.business.xerox.com/...r-Xerox-Freeflow-Core.pdf

cve.org (CVE-2026-2251)

nvd.nist.gov (CVE-2026-2251)

Download JSON