CVE-2026-2251: Path Traversal Leading to RCE — Critical — Patch Now
Attackers exploit a critical path traversal bug in Xerox FreeFlow Core up to 8.0.7 for unauthenticated RCE, gaining full server control. Upgrade to v8.1.0 now.
Patch now - CVE-2026-2251 is a critical path traversal vulnerability in Xerox FreeFlow Core up to 8.0.7 that grants an unauthenticated attacker remote code execution and full server control via directory traversal. Upgrade to version 8.1.0 immediately.
Security Advisory: Critical Path Traversal Vulnerability in Xerox FreeFlow Core
Overview
A critical security vulnerability has been identified in Xerox FreeFlow Core software. This flaw, classified as a Path Traversal vulnerability, could allow an authenticated attacker to access files and directories outside the intended restricted folder on the server. Successful exploitation can lead to Remote Code Execution (RCE), granting an attacker full control over the affected system.
Vulnerability Details
The vulnerability exists due to improper validation of user-supplied input for file or directory paths within the software. In simple terms, the application does not correctly check if a requested file path is within its allowed directory. An attacker can craft a special request using sequences like ../ to “traverse” backwards out of the intended folder and into other sensitive system directories. This access can then be leveraged to upload or execute malicious code directly on the server.
Affected Products
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. All deployments running these versions are at risk.
Potential Impact
The impact of this vulnerability is severe (CVSS Score: 9.8 - CRITICAL). An attacker exploiting this flaw could:
- Read, modify, or delete sensitive system files.
- Install malicious software, including ransomware or backdoors.
- Gain persistent, unauthorized access to the server and connected network resources.
- Disrupt printing and workflow services, causing operational downtime.
Remediation and Mitigation
The only complete remediation is to upgrade to a fixed version of the software.
Primary Action - Immediate Upgrade:
- Upgrade to Xerox FreeFlow Core version 8.1.0 or later.
- The patched software is available for download from the official Xerox support portal: https://www.support.xerox.com/en-us/product/core/downloads
- Test the upgrade in a non-production environment following Xerox’s guidelines before deploying organization-wide.
Interim Mitigation (If Immediate Upgrade is Not Possible):
- Ensure the FreeFlow Core server is placed behind a firewall with strict access controls, limiting inbound connections to only trusted, necessary IP addresses.
- Review and minimize the number of user accounts with administrative access to the FreeFlow Core system.
- Monitor server logs for any unusual file access attempts or unexpected system behavior.
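As an added illustration of the containment check described under Vulnerability Details and of the log monitoring suggested above (example code, not Xerox's or FreeFlow Core's own; the storage root, the /api/files endpoint and the log lines are constructed assumptions), here is the naive path join beside a hardened resolver that canonicalises and then proves the result still lies under the base directory, plus a scanner that flags traversal sequences in access-log lines, including percent-encoded and backslash variants:

```python
import os
from urllib.parse import unquote

# Hypothetical storage root; FreeFlow Core's real directory layout is not on the page.
BASE_DIR = os.path.realpath("/srv/freeflow/uploads")

# Constructed access-log lines; the /api/files endpoint is hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 "GET /api/files?path=jobs/ticket1.xml HTTP/1.1" 200',
    '10.0.0.9 "GET /api/files?path=../../../etc/passwd HTTP/1.1" 200',
    '10.0.0.9 "GET /api/files?path=%2e%2e%2f%2e%2e%2fetc%2fhosts HTTP/1.1" 200',
    '10.0.0.9 "GET /api/files?path=..%255c..%255cetc%255chosts HTTP/1.1" 200',
]

def resolve_user_path_vulnerable(base_dir, requested):
    """Naive join: '../' components in `requested` walk out of base_dir."""
    return os.path.normpath(os.path.join(base_dir, requested))

def resolve_user_path_hardened(base_dir, requested):
    """Canonicalise the joined path and prove it still sits under base_dir.
    Percent-decodes twice and unifies separators first, so encoded and
    backslash forms of '..' are normalised before the containment test."""
    cleaned = unquote(unquote(requested)).replace("\\", "/")
    if os.path.isabs(cleaned):
        raise ValueError(f"absolute path rejected: {requested!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, cleaned))
    # commonpath compares whole components, so /srv/x is not a prefix of /srv/xy.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {requested!r}")
    return candidate

def is_within_base(base_dir, requested):
    """True if the hardened resolver accepts `requested`, False if it escapes."""
    try:
        resolve_user_path_hardened(base_dir, requested)
        return True
    except ValueError:
        return False

def find_traversal_attempts(log_lines):
    """Return (line_number, raw_line) for log lines carrying a '..' traversal;
    lines are percent-decoded twice to catch single- and double-encoded forms."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        decoded = unquote(unquote(line))
        if "../" in decoded or "..\\" in decoded:
            hits.append((n, line))
    return hits
```

The scanner only catches dotted traversal forms; pair it with the containment check, since rejecting at resolution time is what actually closes the hole.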
Conclusion
Due to the critical nature of this vulnerability and the high potential for complete system compromise, administrators should prioritize upgrading affected Xerox FreeFlow Core systems immediately. Failure to apply the patch leaves systems exposed to significant risk of data breach and service disruption.