Adobe patches ColdFusion flaws to block arbitrary code execution

ADOBE has addressed 11 vulnerabilities in ColdFusion, including six critical flaws with a CVSS score of 10.0, allowing for arbitrary code execution. The most urgent updates were released on June 30, 2026, following no known exploits in the wild. Key issues include unrestricted file uploads and improper input validation. Impacted versions include ColdFusion 2025 Update 9 and earlier, as well as ColdFusion 2023 Update 20 and earlier. Users are urged to apply the patches from ColdFusion 2025 Update 10 and 2023 Update 21 to mitigate risks.