PT-2026-53903 · Adobe · Coldfusion
Published
2026-06-30
·
Updated
2026-07-07
·
CVE-2026-48282
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ColdFusion versions prior to 2025.10
ColdFusion versions prior to 2023.21
Description
An improper limitation of a pathname to a restricted directory, known as path traversal, allows for arbitrary code execution in the context of the current user. This issue does not require user interaction and is being actively exploited in real-world attacks.
Recommendations
Update ColdFusion 2025 to version 2025.10.
Update ColdFusion 2023 to version 2023.21.
Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coldfusion