CVE-2026-2252 | THREATINT

Description

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads

PUBLISHED Reserved 2026-02-09 | Published 2026-02-27 | Updated 2026-02-27 | Assigner Xerox

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-611 Improper Restriction of XML External Entity Reference

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status

unaffected

Any version

affected

References

securitydocs.business.xerox.com/...r-Xerox-Freeflow-Core.pdf

cve.org (CVE-2026-2252)

nvd.nist.gov (CVE-2026-2252)

Download JSON