Browse all 7 CVE security advisories affecting Hyland. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hyland develops enterprise content management and document processing solutions, serving organizations with workflow automation and data integration. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws in web interfaces. The company has addressed security gaps in its OnBase platform, with CVEs revealing issues in authentication mechanisms and API endpoints. While no major public security incidents have been widely reported, the consistent presence of multiple CVEs indicates ongoing security challenges requiring vigilant patch management. Organizations implementing Hyland solutions should prioritize regular updates and security assessments to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26339 | Hyland Alfresco Transformation Service Argument Injection RCE — Alfresco Transformation Service (Enterprise)CWE-918 | 9.8 | Critical | 2026-02-19 |
| CVE-2026-26338 | Hyland Alfresco Transformation Service SSRF — Alfresco Transformation Service (Enterprise)CWE-918 | 9.8 | Critical | 2026-02-19 |
| CVE-2026-26337 | Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF — Alfresco Transformation Service (Enterprise)CWE-36 | 8.2 | High | 2026-02-19 |
| CVE-2026-26336 | Hyland Alfresco Improper Authorization Arbitrary File Read — Alfresco EnterpriseCWE-863 | 7.5 | High | 2026-02-19 |
| CVE-2026-26221 | Hyland OnBase Timer Services Unauthenticated .NET Remoting RCE — OnBase Workflow Timer ServiceCWE-502 | 9.8 | Critical | 2026-02-13 |
| CVE-2025-0557 | Hyland Alfresco Community Edition URL s cross site scripting — Alfresco Community EditionCWE-79 | 4.3 | Medium | 2025-01-18 |
| CVE-2021-32828 | Regular expression Denial of Service in MooTools — NuxeoCWE-502 | 5.4 | Medium | 2023-01-05 |
This page lists every published CVE security advisory associated with Hyland. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.