Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Xerox FreeFlow Core allows unauthorized access to internal directories
CVE-2026-2251
Summary
A vulnerability in Xerox FreeFlow Core allows an attacker to access and potentially execute files they shouldn't be able to. This could lead to malicious code being run on the system. To fix this, update to the latest version of FreeFlow Core, version 8.1.0, available on the Xerox support website.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| xerox | freeflow_core | <= 8.1.0 | – |
Original title
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE.
This issue affects Xerox FreeFl...
Original description
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE.
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.
Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
https://www.support.xerox.com/en-us/product/core/downloads
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.
Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
https://www.support.xerox.com/en-us/product/core/downloads
nvd CVSS3.1
9.8
Vulnerability type
CWE-22
Path Traversal
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026