CVE-2026-2251 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 2, 2026
Xerox FreeFlow Core - Remote Code Execution
Overview
Xerox FreeFlow Core <= 8.0.7 contains a path traversal vulnerability caused by improper limitation of pathname to restricted directories, letting unauthorized attackers achieve remote code execution, exploit requires no special privileges.
Severity & Score
Impact
Unauthorized attackers can execute arbitrary code remotely, potentially leading to full system compromise.
Mitigation
Upgrade to FreeFlow Core version 8.1.0.
Social Media Activity(2 posts)
š“ CVE-2026-2251 - Critical (9.8) Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. ... š https://www.thehackerwire.com/vulnerability/CVE-2026-2251/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
šØ CRITICAL: CVE-2026-2251 in Xerox FreeFlow Core (ā¤8.0.7) allows unauthenticated RCE via path traversal. Patch to 8.1.0 urgently! Full system compromise possible. Details: https://radar.offseq.com/threat/cve-2026-2251-cwe-22-improper-limitation-of-a-path-309f50e5 #OffSeq #Infosec #CVE20262251 #PrintSecurity
View original postRelated Resources
Details
- CVE ID
- CVE-2026-2251
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- path_traversal
- Status
- confirmed
- EPSS
- 5.4%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H