CVE-2026-2252
Published: 27 February 2026
Summary
CVE-2026-2252 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Xerox Freeflow Core. Its CVSS base score is 7.5 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 18.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-2252 is an XML External Entity (XXE) vulnerability in Xerox FreeFlow Core that enables Server-Side Request Forgery (SSRF) through crafted XML input containing malicious external entity references. The issue affects versions up to and including 8.0.7 and is associated with CWE-611 (Improper Restriction of XML External Entity Reference) and CWE-918 (Server-Side Request Forgery). It has a CVSS v3.1 base score of 7.5 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting network accessibility, low attack complexity, no privileges or user interaction required, unchanged scope, high confidentiality impact, and no integrity or availability impact.
Unauthenticated remote attackers can exploit this vulnerability by submitting specially crafted XML payloads to the affected Xerox FreeFlow Core instance. Because the server's XML parser resolves the external entity from its own network position, the attacker's request is issued with the server's reachability rather than the attacker's. Successful exploitation therefore allows SSRF, potentially enabling access to internal network resources, cloud metadata services, or other backend systems not directly exposed to the internet, leading to unauthorized data disclosure.
Xerox's security advisory recommends upgrading to FreeFlow Core version 8.1.0, available for download at https://www.support.xerox.com/en-us/product/core/downloads. Additional details are provided in the Xerox Security Bulletin XSB-026-005, accessible at https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-026-005-for-Xerox-Freeflow-Core.pdf.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9015
Vulnerability details
An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
XXE enabling unauthenticated remote SSRF against a public-facing application directly maps to exploitation of exposed services for internal resource access and data disclosure.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mitigates the XXE vulnerability by requiring timely flaw remediation, i.e. patching Xerox FreeFlow Core to version 8.1.0.
- SI-10 (Information Input Validation): Enforces validation of crafted XML inputs so that DTDs, external entity declarations and entity references are rejected before parsing, preventing the XXE and the resulting SSRF.
- SC-7 (Boundary Protection): Restricts outbound connections from the FreeFlow Core host so that any entity resolution the server does perform cannot reach internal network resources or metadata services.
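The mechanism described under Deeper analysis and the SI-10 input-validation control above can be made concrete with a pre-parse gate. The following is an added example written for this page, not code from Xerox or the FreeFlow Core product (the page does not say which XML stack the product uses): it drives Python's expat bindings with handlers that refuse any XML declaring an external DTD, an external or parameter entity, and, under the assumed default policy, any DOCTYPE at all, while recording the SYSTEM/PUBLIC identifiers a resolving parser would have fetched. The sample documents, the `job` element and the addresses in them are constructed for illustration and are not taken from the advisory.

```python
"""Pre-parse gate that refuses XML carrying a DTD or external entity references.

Constructed, stand-alone example: it does not reproduce FreeFlow Core's parser,
and the reject-DTD-by-default policy is an assumption of this example.
"""
import xml.parsers.expat


class ExternalEntityFound(Exception):
    """Raised from inside an expat callback to abort parsing immediately."""


def check_xml_for_xxe(data: bytes, allow_internal_dtd: bool = False) -> dict:
    """Inspect `data` and report whether it is safe to hand to a real parser.

    Returns {"safe": bool, "reason": str | None, "targets": [str, ...]} where
    `targets` lists every SYSTEM/PUBLIC identifier the document would make a
    resolving parser fetch, i.e. the SSRF destinations.
    """
    findings = {"safe": True, "reason": None, "targets": []}
    saw_dtd = False
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        nonlocal saw_dtd
        saw_dtd = True
        # An external DTD on the DOCTYPE itself is fetched by resolving
        # parsers, so it is an SSRF vector even with no ENTITY inside.
        if sysid or pubid:
            findings["targets"].append(sysid or pubid)
            raise ExternalEntityFound(f"external DTD {sysid or pubid!r}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # expat passes value=None and a sysid/pubid when the entity is external.
        if sysid is not None or pubid is not None:
            findings["targets"].append(sysid or pubid)
            raise ExternalEntityFound(
                f"external entity {name!r} -> {sysid or pubid!r}")
        if is_param:
            # Parameter entities are the usual vehicle for out-of-band XXE;
            # there is no legitimate reason for them in submitted job input.
            raise ExternalEntityFound(f"parameter entity {name!r}")

    def on_external_ref(context, base, sysid, pubid):
        # Defence in depth: not reachable once declarations are refused above,
        # but never let expat resolve anything external.
        findings["targets"].append(sysid or pubid)
        raise ExternalEntityFound(f"reference to external entity {sysid or pubid!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref

    try:
        parser.Parse(data, True)
    except ExternalEntityFound as exc:
        findings["safe"] = False
        findings["reason"] = str(exc)
        return findings
    except xml.parsers.expat.ExpatError as exc:
        findings["safe"] = False
        findings["reason"] = f"malformed XML: {exc}"
        return findings

    if saw_dtd and not allow_internal_dtd:
        findings["safe"] = False
        findings["reason"] = "DOCTYPE present; DTDs are not accepted"
    return findings


# Constructed sample inputs (not captured from the product or the advisory).
BENIGN = b'<?xml version="1.0"?><job><name>print-run-42</name></job>'

# Classic XXE: the server resolves the entity from its own network position,
# so the fetch reaches an address only it can see (here a metadata endpoint).
XXE_SSRF = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE job [<!ENTITY meta SYSTEM '
            b'"http://169.254.169.254/latest/meta-data/">]>'
            b'<job><name>&meta;</name></job>')

# No ENTITY at all, but the DOCTYPE points at an external DTD.
EXTERNAL_DTD = b'<!DOCTYPE job SYSTEM "http://10.0.0.5/job.dtd"><job/>'

# Internal entity only: harmless in isolation, refused by the default policy.
INTERNAL_ONLY = b'<!DOCTYPE job [<!ENTITY vendor "Xerox">]><job>&vendor;</job>'


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("xxe", XXE_SSRF),
                       ("external-dtd", EXTERNAL_DTD), ("internal", INTERNAL_ONLY)]:
        print(label, check_xml_for_xxe(doc))
```

The `targets` list is what a detection engineer would log: a SYSTEM identifier pointing at a link-local or RFC 1918 address arriving on a job-submission endpoint is the SSRF attempt itself. Expat never fetches an external entity on its own; it only hands the identifier to the application's handler, so this gate is defence in depth for whatever parser actually sits behind the endpoint, and the SC-7 egress restriction above remains the backstop if that parser does resolve.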