A recently patched vulnerability in Adobe ColdFusion, labeled CVE-2026-48282 with a CVSS score of 10/10, is being actively exploited by threat actors. The vulnerability, which allows for path traversal and arbitrary code execution, was addressed in updates released on June 30. Adobe has not confirmed any known exploits, but researchers observed exploitation attempts starting within two hours post-disclosure.
Cybersecurity experts highlight the shrinking time frame for organizations to apply necessary patches, stressing the need for rapid identification of vulnerabilities and effective risk management practices.