CVE-2026-2252
Published: 27 February 2026
Summary
CVE-2026-2252 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Xerox FreeFlow Core. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 18.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI-generated)
Per-CVE control mapping for this CVE has not yet been run; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Penetration testing that includes XML external entity payloads detects XXE vulnerabilities and enables their mitigation.
- Monitoring for unusual file access, network access or resource usage identifies XML external entity processing.
- Outbound connections to external resources can be monitored and limited at the network boundary, reducing SSRF impact.
- Validating server-side URLs and resource references blocks SSRF attempts.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
XXE enabling unauthenticated remote SSRF against a public-facing application directly maps to exploitation of exposed services for internal resource access and data disclosure.
NVD Description
An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available at https://www.support.xerox.com/en-us/product/core/downloads
Deeper analysis (AI-generated)
CVE-2026-2252 is an XML External Entity (XXE) vulnerability in Xerox FreeFlow Core that enables Server-Side Request Forgery (SSRF) through crafted XML input containing malicious external entity references. The issue affects versions up to and including 8.0.7 and is associated with CWE-611 (Improper Restriction of XML External Entity Reference) and CWE-918 (Server-Side Request Forgery). It has a CVSS v3.1 base score of 7.5, reflecting network accessibility, low attack complexity, no privileges or user interaction required, unchanged scope, high confidentiality impact, and no integrity or availability impact.
Unauthenticated remote attackers can exploit this vulnerability by submitting specially crafted XML payloads to the affected Xerox FreeFlow Core instance. Successful exploitation allows the attacker to perform SSRF, potentially enabling access to internal network resources, metadata services, or other backend systems not directly exposed to the internet, leading to unauthorized data disclosure.
Xerox's security advisory recommends upgrading to FreeFlow Core version 8.1.0, available for download at https://www.support.xerox.com/en-us/product/core/downloads. Additional details are provided in the Xerox Security Bulletin XSB-026-005, accessible at https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-026-005-for-Xerox-Freeflow-Core.pdf.
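The monitoring control above (identifying external entity processing) can be applied before a document reaches the application parser. The following is an added example, not code from this page, from Xerox or from NVD: an ingest-time gate built on Python's standard expat bindings that parses the XML without ever fetching a resource and rejects it if it declares or references any external DTD or external entity. The job-ticket documents are constructed samples and do not represent FreeFlow Core's real format.

```python
import xml.parsers.expat as expat
from dataclasses import dataclass, field


@dataclass
class GateResult:
    accepted: bool
    findings: list = field(default_factory=list)


def inspect_xml(data: bytes) -> GateResult:
    """Parse with expat, never fetching anything, and record every external
    DTD, external entity declaration or external entity reference seen.
    Any finding rejects the document (CWE-611 gate)."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if sysid or pubid:  # external DTD subset
            findings.append(f"external DTD for <!DOCTYPE {name}>: {sysid or pubid}")

    def on_entity_decl(name, is_pe, value, base, sysid, pubid, notation):
        if sysid or pubid:  # internal entities (inline values) are allowed
            kind = "parameter" if is_pe else "general"
            findings.append(f"external {kind} entity {name!r} -> {sysid or pubid}")

    def on_external_ref(context, base, sysid, pubid):
        # Reached when content references an external entity. Returning 1
        # without creating a child parser tells expat to continue, so the
        # resource (the SSRF target) is never fetched.
        findings.append(f"external entity reference to {sysid or pubid}")
        return 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return GateResult(accepted=not findings, findings=findings)


# Constructed sample inputs (hypothetical job tickets, not FreeFlow's format).
BENIGN_JOB = b'<?xml version="1.0"?><job><name>print-run-42</name></job>'
INTERNAL_ENTITY_JOB = (b'<?xml version="1.0"?><!DOCTYPE job [<!ENTITY site "plant-1">]>'
                       b'<job><name>&site;</name></job>')
XXE_JOB = (b'<?xml version="1.0"?><!DOCTYPE job [<!ENTITY xxe SYSTEM '
           b'"http://internal.example/">]><job><name>&xxe;</name></job>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_JOB), ("internal", INTERNAL_ENTITY_JOB), ("xxe", XXE_JOB)):
        result = inspect_xml(doc)
        print(label, "ACCEPT" if result.accepted else "REJECT", result.findings)
```

Because expat's parameter-entity parsing is off by default and no child parser is ever created, the gate itself cannot be turned into an SSRF primitive; documents it rejects should be logged as the detection signal the mitigating-controls list describes.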
Details
- CWE(s)