CVE-2026-2251CRITICAL 9.8EPSS p30.6%

CVE-2026-2251CVE-2026-2251

Description

Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.39% probability of exploitation · percentile 30.6% · 2026-06-18T12:00:27Z
Published2026-02-27
Last modified2026-03-02

Underlying weaknesses· 1

CWE-22

References

  1. https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-026-005-for-Xerox-Freeflow-Core.pdf

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-8356
CVE
CVE-2025-54261
CVE
CVE-2025-26534
CVE
CVE-2026-27305
CVE
CVE-2025-46783
CVE
CVE-2025-30290
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.