A critical vulnerability in Adobe ColdFusion, known as CVE-2026-48282, is currently being exploited by attackers, allowing remote code execution on unpatched servers. This flaw, which is a path traversal issue, affects several versions of ColdFusion and enables arbitrary code execution without the need for authentication. Reports indicate that exploitation began less than two hours after the vulnerability's details were made public.
The commercial availability of the exploit has raised concerns, prompting a warning from the company for all organizations using ColdFusion to install the latest security updates. Past incidents of exploitation related to Adobe ColdFusion vulnerabilities add to the urgency of addressing this issue.