Vulnerability intelligence
CVE-2026-48283
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVSS Score
10
Critical
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
Patch available
Vendor fix published
1 article across 1 outlet · first covered Jul 1, 2026 · latest Jul 1, 2026
Coverage timeline
-
Adobe fixes ColdFusion Campaign Classic bugs, urges patchwww.securityweek.com · Jul 1, 2026