CVE-2026-26339

Summary

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.

Affected Software

VendorProductVersion RangeStatus
HylandAlfresco Transformation Service (Enterprise)0 < 4.2.3affected
HylandAlfresco Community (Transform Core)0 < 5.2.4affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References