ADOBE has released security updates for ColdFusion and Campaign Classic addressing multiple critical vulnerabilities. The Campaign Classic update resolves CVE-2026-48286 (CVSS 10), allowing potential arbitrary code execution. ColdFusion updates address 11 defects, including six rated 10/10, with vulnerabilities tracked as CVE-2026-48276 to CVE-2026-48283, linked to unrestricted file uploads and improper input validation.
Users are encouraged to update immediately, as Adobe has assigned a priority rating of 1, indicating likelihood of exploitation. Critical flaws include path traversal and XSS issues.