Alfresco Content Services

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-26336 HIGH This Week

Unauthenticated attackers can bypass access controls in Alfresco Content Services to retrieve sensitive files from protected directories such as WEB-INF through the /share/page/resource/ endpoint. This vulnerability exposes critical configuration data and credentials without requiring authentication or user interaction. No patch is currently available for this remotely exploitable issue affecting Alfresco deployments.

Authentication Bypass Information Disclosure Alfresco Content Services

NVD

CVSS 3.1

7.5

EPSS

0.1%

CVE-2026-26336

EPSS 0% CVSS 7.5

HIGH This Week

Unauthenticated attackers can bypass access controls in Alfresco Content Services to retrieve sensitive files from protected directories such as WEB-INF through the /share/page/resource/ endpoint. This vulnerability exposes critical configuration data and credentials without requiring authentication or user interaction. No patch is currently available for this remotely exploitable issue affecting Alfresco deployments.

Authentication Bypass Information Disclosure Alfresco Content Services

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy