Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF Vulnerability

Vulnerability

A vulnerability in Hyland Alfresco Transformation Service has been identified, allowing unauthenticated attackers to perform arbitrary file reads and conduct server-side request forgery (SSRF) attacks through absolute path traversal. This issue affects Alfresco Transformation Service (Enterprise) versions prior to 4.3.0 and Alfresco Community (Transform Core) versions prior to 5.3.0.

Impact

Exploitation of this vulnerability could lead to unauthorized file access and SSRF, allowing attackers to make requests to internal services or resources on behalf of the server.

Added: Feb 19, 2026, 7:18 PM

Updated: Feb 19, 2026, 7:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating