Hyland Alfresco Content Services

By the Year

In 2026 there has been 1 vulnerability in Hyland Alfresco Content Services, with an average score of 7.5 out of ten. Alfresco Content Services did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2026 as compared to last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 1 | 7.50 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 6.10 |
| 2023 | 1 | 8.80 |

It may take a day or so for new Alfresco Content Services vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Hyland Alfresco Content Services Security Vulnerabilities

Alfresco Unauth File Disclosure via /share/page/resource/
CVE-2026-26336 7.5 - High - February 19, 2026

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.

AuthZ

XSS via htmlid param in Hyland Alfresco 23.2.1-r96
CVE-2024-40347 6.1 - Medium - July 20, 2024

A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.

XSS

Alfresco CE 7.2.0 SSTI via folder.get.html.ftl RCE
CVE-2023-49964 8.8 - High - December 11, 2023

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.

Injection
