PT-2026-53910 · Adobe · Coldfusion

Publicado

2026-06-30

·

Atualizado

2026-06-30

·

CVE-2026-48315

CVSS v3.1

9.3

Crítica

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-48315

Produtos afetados

Coldfusion