securityonline.info 7/3/2026, 5:32:13 AM · external

Active ColdFusion Arbitrary Code Execution Flaw Scores CVSS 10

Active ColdFusion Arbitrary Code Execution Flaw Scores CVSS 10
Developing story vulnerability 4 articles tracked
Adobe patches critical ColdFusion and Campaign Classic vulnerabilities
CyberSIXT Evidence Panel
Primary Source helpx.adobe.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

A critical vulnerability, designated CVE-2026-48282, in Adobe ColdFusion allows for arbitrary code execution without user interaction. This flaw exploits a path traversal issue, enabling attackers to gain full control of affected servers remotely. The vulnerability affects ColdFusion 2025 Update 9 and earlier, as well as ColdFusion 2023 Update 20 and earlier versions. Emergency patches have been released by Adobe and must be applied immediately to prevent exploitation. The Canadian Centre for Cyber Security has warned of ongoing active attacks, which began shortly after the public disclosure of the vulnerability.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline