CVE-2026-26336

HIGH

Hyland Alfresco Content Services < 25.3 - Unauthenticated Arbitrary File Read via Resource Endpoint

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-26336. PoCs published by adminlove520, CEAarab.

Description

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.

Exploits (2)

github · WORKING POC · 4 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-26336

The repository contains a functional Python script that exploits an unauthenticated file read vulnerability in Alfresco Share via path traversal. The PoC demonstrates reading sensitive files like configuration files and keystores by leveraging a bypass technique (`..;/`).

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Alfresco Share < 25.3.0 (Community Edition)
Authentication: none required
Prerequisites: Network access to the target Alfresco Share instance
devstral-2 · analyzed May 29, 2026

nomisec · WORKING POC
by CEAarab · poc
https://github.com/CEAarab/CVE-2026-26336-PoC

This repository contains a functional Python-based exploit for CVE-2026-26336, an unauthenticated path traversal vulnerability in Alfresco Share. The PoC demonstrates arbitrary file read capabilities via a crafted request to the `/share/page/resource/` endpoint, including a bypass for patched versions using `..;/`.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Alfresco Community Edition < 25.3.0 (and 25.3.0 with bypass)
Authentication: none required
Prerequisites: Network access to the Alfresco Share instance · Target running a vulnerable version of Alfresco Community Edition
devstral-2 · analyzed May 07, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0031
EPSS Percentile: 22.2%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-863
Status: published
Products (6):
Hyland/Alfresco Community < 25.3.0
Hyland/Alfresco Enterprise 23.6.0 - 23.6.1
Hyland/Alfresco Enterprise 25.1.0 - 25.3.0
Hyland/Alfresco Enterprise 7.4.0 - 7.4.2.6
hyland/alfresco_content_services < 25.3
hyland/alfresco_content_services 7.4.0 - 7.4.2.5
Published: Feb 19, 2026
Tracked Since: Feb 19, 2026