{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26336", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-13T17:28:43.052Z", "datePublished": "2026-02-19T15:56:25.781Z", "dateUpdated": "2026-05-11T23:11:19.969Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Alfresco Enterprise", "vendor": "Hyland", "versions": [{"lessThan": "7.4.2.6", "status": "affected", "version": "7.4.0", "versionType": "custom"}, {"lessThan": "23.6.1", "status": "affected", "version": "23.6.0", "versionType": "semver"}, {"lessThan": "25.3.0", "status": "affected", "version": "25.1.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Alfresco Community", "vendor": "Hyland", "versions": [{"lessThan": "25.3.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.4.2.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "23.6.0", "versionEndExcluding": "23.6.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "25.1.0", "versionEndExcluding": "25.3.0"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:community:*:*:*", "versionEndExcluding": "25.3.0"}]}]}], "credits": [{"lang": "en", "type": "finder", "value": "Piotr Bazydlo (@chudyPB) of watchTowr"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the \"/share/page/resource/\" endpoint, thus leading to the disclosure of sensitive configuration files."}], "value": "Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the \"/share/page/resource/\" endpoint, thus leading to the disclosure of sensitive configuration files."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-11T23:11:19.969Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://connect.hyland.com/t5/alfresco-blog/cve-2026-26336-unauthenticated-arbitrary-file-read-in-alfresco/ba-p/496550"}, {"tags": ["product"], "url": "https://www.hyland.com/en/solutions/products/alfresco-platform"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/hyland-alfresco-improper-authorization-arbitrary-file-read"}], "source": {"discovery": "EXTERNAL"}, "title": "Hyland Alfresco Improper Authorization Arbitrary File Read", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T19:05:44.420187Z", "id": "CVE-2026-26336", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T19:06:06.164Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26336", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T19:05:44.420187Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T19:05:57.220Z"}}], "cna": {"title": "Hyland Alfresco Improper Authorization Arbitrary File Read", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Piotr Bazydlo (@chudyPB) of watchTowr"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hyland", "product": "Alfresco Enterprise", "versions": [{"status": "affected", "version": "7.4.0", "lessThan": "7.4.2.6", "versionType": "semver"}, {"status": "affected", "version": "23.6.0", "lessThan": "23.6.1", "versionType": "semver"}, {"status": "affected", "version": "25.1.0", "lessThan": "25.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Hyland", "product": "Alfresco Community", "versions": [{"status": "affected", "version": "0", "lessThan": "25.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://connect.hyland.com/t5/alfresco-blog/cve-2026-26336-unauthenticated-arbitrary-file-read-in-alfresco/ba-p/496550", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.hyland.com/en/solutions/products/alfresco-platform", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/hyland-alfresco-improper-authorization-arbitrary-file-read", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the \"/share/page/resource/\" endpoint, thus leading to the disclosure of sensitive configuration files.", "supportingMedia": [{"type": "text/html", "value": "Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the \"/share/page/resource/\" endpoint, thus leading to the disclosure of sensitive configuration files.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "versionEndExcluding": "7.4.2.6", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "versionEndExcluding": "23.6.1", "versionStartIncluding": "23.6.0"}, {"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "versionEndExcluding": "25.3.0", "versionStartIncluding": "25.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:community:*:*:*", "vulnerable": true, "versionEndExcluding": "25.3.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-23T15:46:25.099Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26336", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:46:25.099Z", "dateReserved": "2026-02-13T17:28:43.052Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-02-19T15:56:25.781Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:community:*:*:*", "matchCriteriaId": "73D56A86-3F59-4DC1-AD37-29AB25F5C1D2", "versionEndExcluding": "25.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3BA4C72B-BE8E-49FD-92B2-7FBBA8BBCD19", "versionEndIncluding": "7.4.2.5", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "79BCECD6-BFBA-4259-B53D-132EEFF6C51A", "versionEndIncluding": "23.6.0", "versionStartIncluding": "23.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "71EB1048-3C50-40DF-89A0-502984FA642D", "versionEndIncluding": "25.2", "versionStartIncluding": "25.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the \"/share/page/resource/\" endpoint, thus leading to the disclosure of sensitive configuration files."}, {"lang": "es", "value": "Hyland Alfresco permite a atacantes no autenticados leer archivos arbitrarios de directorios protegidos (como WEB-INF) a trav\u00e9s del endpoint '/share/page/resource/', lo que lleva a la divulgaci\u00f3n de archivos de configuraci\u00f3n sensibles."}], "id": "CVE-2026-26336", "lastModified": "2026-03-03T16:37:14.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-02-19T17:24:50.943", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"], "url": "https://connect.hyland.com/t5/alfresco-blog/cve-2026-26336-unauthenticated-arbitrary-file-read-in-alfresco/ba-p/496550"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.hyland.com/en/solutions/products/alfresco-platform"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/hyland-alfresco-improper-authorization-arbitrary-file-read"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,25.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Alfresco Community", "source": "cna", "vendor": "Hyland"}, "product": "alfresco_community", "vendor": "hyland"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[7.4.x,7.4.2.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[23.6.x,23.6.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[25.1.x,25.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Alfresco Enterprise", "source": "cna", "vendor": "Hyland"}, "product": "alfresco_enterprise", "vendor": "hyland"}], "analysis": {"en": {"generated_at": "2026-04-16T06:26:06.540499+00:00", "value": {"mitigation_remediation": ["Apply vendor patch or update to the latest Alfresco release that removes or secures the /share/page/resource/ endpoint", "Configure web server or application firewall rules to block unauthenticated access to the /share/page/resource/ path", "Verify that configuration files in protected directories (e.g., WEB-INF) are not served by the application and consider moving sensitive data outside web-accessible locations"], "summary": {"action": "Apply Patch", "impact": "Unauthorized Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects both the Hyland Alfresco Community and the Hyland Alfresco Enterprise editions. Any deployment of these products that includes the /share/page/resource/ endpoint and exposes configuration directories, particularly WEB-INF, is potentially susceptible. The issue is present across all supported versions of the product family that have this endpoint, as no specific version restrictions are listed.", "description_and_impact": "Hyland Alfresco possesses an endpoint, \"/share/page/resource/\", that can be accessed without authentication. By requesting any file path through this endpoint, an attacker can read arbitrary files located in protected directories such as WEB-INF. The resulting exposure of configuration files constitutes a significant breach of confidentiality, potentially enabling further attacks on the system. This weakness is identified as a CWE-863 Improper Authorization error, allowing unauthenticated users to access protected resources.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high impact with broad exploitation potential, but the EPSS score of less than 1% suggests that the likelihood of real-world exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog, so no known active exploits have been reported to date. An attacker could exploit it remotely without credentials, though the attack would still require the ability to send HTTP requests to the vulnerable application. The lack of a published patch at this time increases the urgency for customers to monitor for an official fix or implement interim controls."}}}}, "created": "2026-02-20T10:06:23.692065+00:00", "updated": "2026-04-16T06:30:06.029115+00:00", "vendors": ["hyland", "hyland$PRODUCT$alfresco_community", "hyland$PRODUCT$alfresco_enterprise"]}