Is Freeflow Core affected by CVE-2026-2251?

A critical remote code execution vulnerability (CVE-2026-2251) affects Xerox FreeFlow Core versions up to 8.0.7, allowing attackers to gain unauthorized system access through path traversal exploitation.

CVE-2026-2251

CRITICAL

2026-02-27 10b61619-3869-496c-8a1e-f291b0e71e3f

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 27, 2026 - 09:16 nvd

CRITICAL 9.8

Description

Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads

Analysis

Path traversal vulnerability in Xerox FreeFlow Core allows attackers to access files outside restricted directories, potentially exposing sensitive print job data and system configurations.

Remediation

Within 24 hours: Inventory all Xerox FreeFlow Core installations and identify systems running versions 8.0.7 or earlier; isolate affected systems from production networks if possible and enable enhanced logging. Within 7 days: Implement network segmentation to restrict external access to FreeFlow Core servers; deploy WAF rules to block suspicious path traversal patterns; contact Xerox for ETA on security patches and interim guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +49

POC: 0

CVE-2026-2251 vulnerability details – vuln.today

Back

CVE-2026-2251

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-2251

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code