{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T15:27:57.317","vulnerabilities":[{"cve":{"id":"CVE-2026-2252","sourceIdentifier":"10b61619-3869-496c-8a1e-f291b0e71e3f","published":"2026-02-27T09:16:17.130","lastModified":"2026-06-17T10:30:38.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references.\n\nThis issue affects Xerox FreeFlow Core versions up to and including 8.0.7. \n\nPlease consider upgrading to FreeFlow Core version 8.1.0 via the software available on -  https://www.support.xerox.com/en-us/product/core/downloads"},{"lang":"es","value":"Una vulnerabilidad de Entidad Externa XML (XXE) permite a un usuario malintencionado realizar una falsificación de petición del lado del servidor (SSRF) a través de una entrada XML manipulada que contiene referencias a entidades externas maliciosas.\n\nEste problema afecta a las versiones de Xerox FreeFlow Core hasta la 8.0.7 inclusive.\n\nConsidere actualizar a la versión 8.1.0 de FreeFlow Core a través del software disponible en - https://www.support.xerox.com/en-us/product/core/downloads"}],"affected":[{"source":"10b61619-3869-496c-8a1e-f291b0e71e3f","affectedData":[{"vendor":"Xerox","product":"FreeFlow Core","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.0.7","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"10b61619-3869-496c-8a1e-f291b0e71e3f","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-03T19:27:58.048822Z","id":"CVE-2026-2252","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"10b61619-3869-496c-8a1e-f291b0e71e3f","type":"Secondary","description":[{"lang":"en","value":"CWE-611"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xerox:freeflow_core:*:*:*:*:*:*:*:*","versionEndExcluding":"8.1.0","matchCriteriaId":"BB016BFC-2C5B-4CFA-BC3C-B5A9DBF893F1"}]}]}],"references":[{"url":"https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-026-005-for-Xerox-Freeflow-Core.pdf","source":"10b61619-3869-496c-8a1e-f291b0e71e3f","tags":["Vendor Advisory"]}]}}]}