7.5
Xerox FreeFlow Core allows attackers to hijack server requests via XML input
CVE-2026-2252
Summary
Malicious users can potentially trick the Xerox FreeFlow Core server into making unauthorized requests to unintended destinations. This is a security risk because it allows attackers to access sensitive information or disrupt the server's operations. To fix this issue, upgrade to Xerox FreeFlow Core version 8.1.0 or later, which is available for download from the Xerox support website.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| xerox | freeflow_core | <= 8.1.0 | – |
Original title
An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references.
This issue aff...
Original description
An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references.
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.
Please consider upgrading to FreeFlow Core version 8.1.0 via the software available at https://www.support.xerox.com/en-us/product/core/downloads
nvd CVSS3.1
7.5
Vulnerability type
CWE-611
XML External Entity (XXE)
CWE-918
Server-Side Request Forgery (SSRF)
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026