Hyland Alfresco Transformation Service Argument Injection RCE_CVE-2026-26339

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/

Description

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.

AI Analysis

Argument injection vulnerability allowing remote code execution in document processing functionality

Basic Information

ID CVE-2026-26339

Source VulnCheck

Published Feb 19, 2026 at 17:04

Affected Product

Vendor Hyland

Product Alfresco Transformation Service (Enterprise)

Affected Versions Hyland Alfresco Transformation Service (Enterprise) 0
Hyland Alfresco Community (Transform Core) 0

CWE Classification

CWE-918

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Hyland

Product Alfresco Transformation Service

References

{
    "lastseen": "",
    "description": "Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.",
    "published": "2026-02-19T17:04:46.617Z",
    "modified": "2026-02-19T17:04:46.617Z",
    "type": "cve",
    "title": "Hyland Alfresco Transformation Service Argument Injection RCE",
    "source": "VulnCheck",
    "references": "https://www.hyland.com/en/solutions/products/alfresco-platform\nhttps://www.vulncheck.com/advisories/hyland-alfresco-transformation-service-argument-injection-rce",
    "id": "CVE-2026-26339",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Hyland Alfresco Transformation Service (Enterprise) 0\nHyland Alfresco Community (Transform Core) 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Alfresco Transformation Service (Enterprise)",
    "version": "0",
    "vendor": "Hyland",
    "ai_description": "Argument injection vulnerability allowing remote code execution in document processing functionality",
    "ai_severity": "Critical",
    "ai_vendor": "Hyland",
    "ai_product": "Alfresco Transformation Service",
    "ai_version": "0",
    "ai_score": 9.3
}