PT-2026-53900 · Adobe · Coldfusion
Published
2026-06-30
·
Updated
2026-07-08
·
CVE-2026-48276
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Adobe ColdFusion versions prior to 2025.10
Adobe ColdFusion versions prior to 2023.21
Description
An unrestricted upload of files with dangerous types allows for arbitrary code execution in the context of the current user. The issue stems from improper input validation and content-type enforcement, enabling an attacker to remotely send a crafted upload request to a reachable endpoint. Successful exploitation can lead to full server compromise, lateral movement, and data theft without requiring user interaction.
Recommendations
Upgrade Adobe ColdFusion versions prior to 2025.10 to version 2025.10 or later.
Upgrade Adobe ColdFusion versions prior to 2023.21 to version 2023.21 or later.
Fix
RCE
LPE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coldfusion