Xerox FreeFlow Core XML External Entity Vulnerability Leading to Server-Side Request Forgery

Vulnerability

An XML External Entity (XXE) processing vulnerability has been identified in Xerox FreeFlow Core versions prior to 8.1.0. It enables malicious users to perform Server-Side Request Forgery (SSRF) by sending crafted XML input containing external entity references, which the server then resolves.

Impact

Exploitation of this vulnerability allows Server-Side Request Forgery, in which an attacker makes the server send requests on the attacker's behalf, potentially leading to unauthorized access to or manipulation of data.
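
The input pattern described above, seen from the defender's side, as an added example (not Xerox code and not part of the original advisory): a Python screening function that parses submitted XML with expat, never resolves anything, and reports every external reference the document declares, which are the URLs a vulnerable parser would have been asked to fetch. The function name and the sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


def external_references(xml_bytes):
    """Return (kind, name, system_id) for each external reference declared.

    No ExternalEntityRefHandler is installed and parameter-entity parsing
    is disabled, so nothing is fetched while the document is inspected.
    """
    findings = []
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # An external DTD subset is itself a fetch the parser could make.
        if system_id is not None or public_id is not None:
            findings.append(("doctype", name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones do not.
        if value is None:
            findings.append(("entity", name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        # Fail closed: an unparseable document is reported, not passed on.
        findings.append(("malformed", None, str(exc)))
    return findings


# Constructed sample inputs (192.0.2.0/24 is a documentation-only range).
SAMPLE_EXTERNAL = (b'<?xml version="1.0"?>'
                   b'<!DOCTYPE job [<!ENTITY probe SYSTEM "http://192.0.2.10/status">]>'
                   b'<job>&probe;</job>')
SAMPLE_INTERNAL = b'<!DOCTYPE job [<!ENTITY co "ACME">]><job>&co;</job>'
SAMPLE_BENIGN = b'<?xml version="1.0"?><job><name>brochure</name></job>'
SAMPLE_BROKEN = b'<job><unclosed></job>'

if __name__ == "__main__":
    for doc in (SAMPLE_EXTERNAL, SAMPLE_INTERNAL, SAMPLE_BENIGN, SAMPLE_BROKEN):
        refs = external_references(doc)
        print("REJECT" if refs else "accept", refs)
```
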

Remediation

Users are advised to upgrade to Xerox FreeFlow Core version 8.1.0, available through the Xerox Support website.

Added: Feb 27, 2026, 9:18 AM
Updated: Feb 27, 2026, 2:47 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 0.4
exploitability: 4.3
remediation: 7.7
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.