CVE-2026-34619

Name of the Vulnerable Software and Affected Versions ColdFusion versions prior to 2025.7

Description An improper limitation of a pathname to a restricted directory, known as path traversal, allows unauthenticated attackers to bypass security restrictions. This issue enables access to unauthorized files or directories outside the intended paths by sending crafted requests. Exploitation does not require user interaction.

Recommendations Update to a version newer than 2025.6.