Cyber Resilience

CVE-2026-2252

Severity: High
Published: 27 February 2026
Modified: 02 March 2026
KEV Added: not listed
Patch: available
CVSS Score (v3.1): 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.0006 (18.8th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-2252 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Xerox FreeFlow Core. Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 18.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2252 is an XML External Entity (XXE) vulnerability in Xerox FreeFlow Core that enables Server-Side Request Forgery (SSRF) through crafted XML input containing malicious external entity references. The issue affects versions up to and including 8.0.7 and is associated with CWE-611 (Improper Restriction of XML External Entity Reference) and CWE-918 (Server-Side Request Forgery). It has a CVSS v3.1 base score of 7.5, reflecting network accessibility, low attack complexity, no privileges or user interaction required, unchanged scope, high confidentiality impact, and no integrity or availability impact.

Unauthenticated remote attackers can exploit this vulnerability by submitting specially crafted XML payloads to the affected Xerox FreeFlow Core instance. Successful exploitation allows the attacker to perform SSRF, potentially enabling access to internal network resources, metadata services, or other backend systems not directly exposed to the internet, leading to unauthorized data disclosure.

Xerox's security advisory recommends upgrading to FreeFlow Core version 8.1.0, available for download at https://www.support.xerox.com/en-us/product/core/downloads. Additional details are provided in the Xerox Security Bulletin XSB-026-005, accessible at https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-026-005-for-Xerox-Freeflow-Core.pdf.


Vulnerability details

An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on https://www.support.xerox.com/en-us/product/core/downloads

CWE(s)

CWE-611 (Improper Restriction of XML External Entity Reference), CWE-918 (Server-Side Request Forgery)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

XXE enabling unauthenticated remote SSRF against a public-facing application directly maps to exploitation of exposed services for internal resource access and data disclosure.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2251 (same product: Xerox FreeFlow Core)
CVE-2025-8356 (same product: Xerox FreeFlow Core)
CVE-2024-55925 (same vendor: Xerox)
CVE-2024-55927 (same vendor: Xerox)
CVE-2024-55926 (same vendor: Xerox)
CVE-2026-6514 (shared CWE-918)
CVE-2026-44116 (shared CWE-918)
CVE-2026-21887 (shared CWE-918)
CVE-2026-31910 (shared CWE-918)
CVE-2026-48153 (shared CWE-918)

Affected Assets

Vendor: xerox
Product: freeflow core
Version range: ≤ 8.1.0 (the advisory text above gives the affected range as up to and including 8.0.7, with 8.1.0 as the fixed release)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly mitigates the XXE vulnerability by requiring timely flaw remediation through patching Xerox FreeFlow Core to version 8.1.0.

SI-10 Information Input Validation (prevent)
Enforces validation of crafted XML inputs to prevent processing of malicious external entity references that enable XXE and SSRF.

SC-7 Boundary Protection (prevent)
Boundary protection controls unauthorized communications from SSRF attacks to internal network resources.
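The SI-10 control above calls for validating XML input before a parser can act on it. The following Python snippet is an added illustration of one way to do that with the standard library's expat binding: every hook through which a DTD, an entity declaration or an external entity reference would reach the parser is set to refuse, so a document of the kind the advisory describes is rejected before any file or network fetch can happen. It is not Xerox code and says nothing about how FreeFlow Core itself parses XML; the `<job>` documents and the `example.invalid` host are constructed sample values.

```python
"""Hardened XML intake: refuse DTDs, entity declarations and external entity
references before the parser can resolve them. That closes the XXE path
(CWE-611) and with it the SSRF it leads to (CWE-918). Standard library only.
Added example for this advisory, not vendor code."""

import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised for documents that declare a DTD or an entity, reference an
    external entity, or are malformed."""


def parse_safely(xml_bytes):
    """Parse xml_bytes with every entity-related expat handler set to refuse.
    Returns a small summary dict (root element, element count, text) so the
    caller has a concrete result to check."""
    parser = xml.parsers.expat.ParserCreate()
    # Parameter entities are never parsed; this is expat's default, made explicit.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    summary = {"root": None, "elements": 0, "text": ""}

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # Job documents in this example never need a DOCTYPE, so any DTD,
        # internal or external, is grounds for rejection.
        raise UnsafeXmlError("DOCTYPE %r not allowed" % doctype_name)

    def on_entity_decl(entity_name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        raise UnsafeXmlError("entity %r not allowed" % entity_name)

    def on_external_ref(context, base, system_id, public_id):
        # This is the hook where an external entity would be fetched from a
        # file or URL; refusing here is the last line of defence.
        raise UnsafeXmlError("external entity %r refused" % system_id)

    def on_start(name, attrs):
        if summary["root"] is None:
            summary["root"] = name
        summary["elements"] += 1

    def on_chars(data):
        summary["text"] += data

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars

    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXmlError("malformed XML: %s" % exc) from exc
    return summary


def is_safe(xml_bytes):
    """True if the document parses under the hardened configuration."""
    try:
        parse_safely(xml_bytes)
    except UnsafeXmlError:
        return False
    return True


# Constructed sample inputs (not taken from any real FreeFlow Core job).
BENIGN_JOB = b'<?xml version="1.0"?><job><name>print-run-42</name><copies>3</copies></job>'

# The shape of input the advisory describes: a DTD declaring an external
# entity whose resolution would make the server issue an outbound request.
XXE_JOB = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE job [<!ENTITY ext SYSTEM "http://example.invalid/x">]>'
           b'<job><name>&ext;</name></job>')


if __name__ == "__main__":
    print(parse_safely(BENIGN_JOB))
    print("XXE sample accepted?", is_safe(XXE_JOB))
```

Rejecting at the DOCTYPE is the cheap, decisive check; the entity and external-reference handlers are defence in depth for a parser configuration that someone later relaxes. Because the handlers raise before any system identifier is opened, the check also gives a clean log event (the exception message names the declaration) for detection.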

References