Alfresco Transformation Service
by Hyland
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41792 | Med | 0.35 | 5.3 | 0.01 | Oct 21, 2021 | An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request… | ||
| CVE-2026-26339 | 0.00 | — | 0.01 | Feb 19, 2026 | Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality. | |||
| CVE-2026-26338 | 0.00 | — | 0.00 | Feb 19, 2026 | Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality. | |||
| CVE-2026-26337 | 0.00 | — | 0.00 | Feb 19, 2026 | Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal. |
- risk 0.35cvss 5.3epss 0.01
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request…
- CVE-2026-26339Feb 19, 2026risk 0.00cvss —epss 0.01
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
- CVE-2026-26338Feb 19, 2026risk 0.00cvss —epss 0.00
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality.
- CVE-2026-26337Feb 19, 2026risk 0.00cvss —epss 0.00
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.