Server-Side Request Forgery in Hyland Alfresco Transformation Service
CVE-2026-26338

6.9 MEDIUM

What is CVE-2026-26338?

The Hyland Alfresco Transformation Service is susceptible to server-side request forgery (SSRF), which can be exploited by unauthenticated attackers. This vulnerability allows attackers to manipulate server-side requests, potentially leading to the exposure of internal resources and sensitive information. It is crucial for users of the affected service to address this vulnerability promptly to safeguard their systems against potential exploits.

Affected Version(s)

Alfresco Community (Transform Core): versions before 5.3.0

Alfresco Transformation Service (Enterprise): versions before 4.3.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Bazydlo (@chudyPB) of watchTowr