VYPR
Unrated severityNVD Advisory· Published Feb 27, 2026· Updated Mar 6, 2026

XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF)

CVE-2026-2252

Description

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references.

This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.

Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on -  https://www.support.xerox.com/en-us/product/core/downloads

Affected products

2
  • Xerox/FreeFlow Corellm-create2 versions
    <=8.0.7+ 1 more
    • (no CPE)range: <=8.0.7
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.