Unauthorized File Access in Hyland Alfresco Platform
CVE-2026-26336

8.7HIGH

Key Information:

Vendor

Hyland

Vendor
CVE Published:
19 February 2026

What is CVE-2026-26336?

Hyland Alfresco contains a vulnerability that permits unauthenticated attackers to access sensitive files housed within protected directories, specifically through the '/share/page/resource/' endpoint. This flaw can lead to the exposure of crucial configuration files, thereby posing a significant risk to the confidentiality of sensitive information stored on the server.

Affected Version(s)

Alfresco Community 0 < 25.3.0

Alfresco Enterprise 7.4.0 < 7.4.2.6

Alfresco Enterprise 23.6.0 < 23.6.1

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo (@chudyPB) of watchTowr
.