Server-Side Request Forgery in Hyland Alfresco Transformation Service
CVE-2026-26338
6.9MEDIUM
Key Information:
- Vendor
Hyland
- Vendor
- CVE Published:
- 19 February 2026
What is CVE-2026-26338?
The Hyland Alfresco Transformation Service is susceptible to server-side request forgery (SSRF), which can be exploited by unauthenticated attackers. This vulnerability allows attackers to manipulate server-side requests, potentially leading to the exposure of internal resources and sensitive information. It is crucial for users of the affected service to address this vulnerability promptly to safeguard their systems against potential exploits.
Affected Version(s)
Alfresco Community (Transform Core) 0 < 5.3.0
Alfresco Transformation Service (Enterprise) 0 < 4.3.0
