AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
CVE: CVE-2021-40722
Ref: https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html
We thank @ismailmuh for reporting this to Adobe!