PT-2026-53900 · Adobe · Coldfusion

Published

2026-06-30

·

Updated

2026-07-08

·

CVE-2026-48276

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025.10 Adobe ColdFusion versions prior to 2023.21
Description An unrestricted upload of files with dangerous types allows for arbitrary code execution in the context of the current user. The issue stems from improper input validation and content-type enforcement, enabling an attacker to remotely send a crafted upload request to a reachable endpoint. Successful exploitation can lead to full server compromise, lateral movement, and data theft without requiring user interaction.
Recommendations Upgrade Adobe ColdFusion versions prior to 2025.10 to version 2025.10 or later. Upgrade Adobe ColdFusion versions prior to 2023.21 to version 2023.21 or later.

Fix

RCE

LPE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-09258
CVE-2026-48276

Affected Products

Coldfusion