Remote Code Execution Vulnerability in Hyland Alfresco Transformation Service
CVE-2026-26339
9.3CRITICAL
Key Information:
- Vendor
Hyland
- Vendor
- CVE Published:
- 19 February 2026
What is CVE-2026-26339?
The Hyland Alfresco Transformation Service is susceptible to an argument injection vulnerability that enables unauthenticated attackers to execute arbitrary code remotely. This security flaw is associated with the document processing capabilities of the service, potentially allowing malicious entities to exploit the system without needing valid credentials. It is crucial for organizations utilizing this service to implement the necessary patches and updates to safeguard their applications against these threats.
Affected Version(s)
Alfresco Community (Transform Core) 0 < 5.2.4
Alfresco Transformation Service (Enterprise) 0 < 4.2.3
