Alfresco Transform Core CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-26339	1 Hyland	4 Alfresco Community, Alfresco Transform Core, Alfresco Transform Service and 1 more	2026-03-02	9.8 Critical
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
CVE-2026-26337	1 Hyland	4 Alfresco Community, Alfresco Transform Core, Alfresco Transform Service and 1 more	2026-03-02	8.2 High
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
CVE-2026-26338	1 Hyland	4 Alfresco Community, Alfresco Transform Core, Alfresco Transform Service and 1 more	2026-03-02	9.8 Critical
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality.

Page 1 of 1.