CVE-2026-2252

HIGH

Xerox FreeFlow Core <=8.0.7 - XXE/SSRF

Title source: llm

Description

An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available at https://www.support.xerox.com/en-us/product/core/downloads

Scores

CVSS v3 7.5
EPSS 0.0005
EPSS Percentile 16.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE CWE-611, CWE-918
Status published

Affected Products (1)

xerox/freeflow_core < 8.1.0

Timeline

Published Feb 27, 2026
Tracked Since Feb 27, 2026