Arbitrary File Read and Server-Side Request Forgery in Hyland Alfresco Transformation Service
CVE-2026-26337
8.8HIGH
Key Information:
- Vendor
Hyland
- Vendor
- CVE Published:
- 19 February 2026
What is CVE-2026-26337?
The Hyland Alfresco Transformation Service is vulnerable to a path traversal issue that allows unauthenticated attackers to exploit the system. By manipulating the file paths, attackers can achieve arbitrary file read and execute server-side request forgery (SSRF) attacks, potentially exposing sensitive information and allowing unauthorized interaction with the internal network. It is crucial for users to apply the latest security updates to mitigate the risks associated with these vulnerabilities.
Affected Version(s)
Alfresco Community (Transform Core) 0 < 5.3.0
Alfresco Transformation Service (Enterprise) 0 < 4.3.0
