PT-2026-32921 · Adobe · ColdFusion

Published: 2026-04-14 · Updated: 2026-04-15 · CVE-2026-27305

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Adobe ColdFusion versions prior to 2025.6

Description

An improper limitation of a pathname to a restricted directory allows unauthenticated attackers to perform a path traversal, which is a method used to access files and directories stored outside the intended folder. This can lead to arbitrary file system read, potentially exposing sensitive data. Exploitation of this issue does not require user interaction and involves the fetchCFSettingFile function.

Recommendations

Update to a version later than 2025.6.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2026-05603
CVE-2026-27305
ZDI-26-264

Affected Products

ColdFusion