An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references.
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.
Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.
Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 27 Feb 2026 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads | |
| Title | XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF) | |
| Weaknesses | CWE-611 CWE-918 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: Xerox
Published:
Updated: 2026-02-27T08:18:38.491Z
Reserved: 2026-02-09T14:29:08.541Z
Link: CVE-2026-2252
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-27T09:16:17.130
Modified: 2026-02-27T09:16:17.130
Link: CVE-2026-2252
Redhat
No data.
OpenCVE Enrichment
No data.