securityaffairs.com 7/6/2026, 8:32:33 PM · external

Attackers hit Adobe ColdFusion via CVE-2026-48282 within hours

Attackers hit Adobe ColdFusion via CVE-2026-48282 within hours
CyberSIXT Evidence Panel Source marked as original reporting
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

A critical vulnerability in Adobe ColdFusion, known as CVE-2026-48282, is currently being exploited by attackers, allowing remote code execution on unpatched servers. This flaw, which is a path traversal issue, affects several versions of ColdFusion and enables arbitrary code execution without the need for authentication. Reports indicate that exploitation began less than two hours after the vulnerability's details were made public.

The commercial availability of the exploit has raised concerns, prompting a warning from the company for all organizations using ColdFusion to install the latest security updates. Past incidents of exploitation related to Adobe ColdFusion vulnerabilities add to the urgency of addressing this issue.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline