CVE-2026-27282

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.18 and 2025.6 and earlier

Description Improper Input Validation in the 'subscribeToEndpoints' function could result in a security feature bypass. An attacker could leverage this issue to bypass security measures and gain unauthorized access. Exploitation requires user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.