Unauthorized File Access in Hyland Alfresco Platform
CVE-2026-26336
8.7HIGH
Key Information:
- Vendor
Hyland
- Vendor
- CVE Published:
- 19 February 2026
What is CVE-2026-26336?
Hyland Alfresco contains a vulnerability that permits unauthenticated attackers to access sensitive files housed within protected directories, specifically through the '/share/page/resource/' endpoint. This flaw can lead to the exposure of crucial configuration files, thereby posing a significant risk to the confidentiality of sensitive information stored on the server.
Affected Version(s)
Alfresco Community 0 < 25.3.0
Alfresco Enterprise 7.4.0 < 7.4.2.6
Alfresco Enterprise 23.6.0 < 23.6.1
