Skip to main content

Alfresco Content Services

5 CVEs product

Monthly

CVE-2026-26336 HIGH This Week

Unauthenticated attackers can bypass access controls in Alfresco Content Services to retrieve sensitive files from protected directories such as WEB-INF through the /share/page/resource/ endpoint. This vulnerability exposes critical configuration data and credentials without requiring authentication or user interaction. No patch is currently available for this remotely exploitable issue affecting Alfresco deployments.

Authentication Bypass Information Disclosure Alfresco Content Services
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-40347 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Alfresco Content Services
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49964 HIGH This Week

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Alfresco Content Services
NVD GitHub
CVSS 3.1
8.8
EPSS
34.7%
CVE-2021-41792 MEDIUM This Month

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Alfresco Content Services Alfresco Transform Services
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-41790 HIGH This Week

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Alfresco Content Services
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can bypass access controls in Alfresco Content Services to retrieve sensitive files from protected directories such as WEB-INF through the /share/page/resource/ endpoint. This vulnerability exposes critical configuration data and credentials without requiring authentication or user interaction. No patch is currently available for this remotely exploitable issue affecting Alfresco deployments.

Authentication Bypass Information Disclosure Alfresco Content Services
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Alfresco Content Services
NVD GitHub
EPSS 35% CVSS 8.8
HIGH This Week

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Alfresco Content Services
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Alfresco Content Services Alfresco Transform Services
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Alfresco Content Services
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy