Skip to main content

Freeflow Core CVE-2026-2251

CRITICAL
Path Traversal (CWE-22)
2026-02-27 10b61619-3869-496c-8a1e-f291b0e71e3f
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 09:16 nvd
CRITICAL 9.8

DescriptionCVE.org

Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.

Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads

https://www.support.xerox.com/en-us/product/core/downloads

AnalysisAI

Path traversal vulnerability in Xerox FreeFlow Core allows attackers to access files outside restricted directories, potentially exposing sensitive print job data and system configurations.

Technical ContextAI

CWE-22 path traversal in Xerox FreeFlow Core. Insufficient pathname validation allows directory traversal to access arbitrary files.

RemediationAI

Apply Xerox security update. Restrict network access to FreeFlow Core.

Share

CVE-2026-2251 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy