PT-2026-53900 · Adobe · ColdFusion

Published: 2026-06-30 · Updated: 2026-06-30 · CVE-2026-48276

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Adobe ColdFusion versions prior to 2025.10
Adobe ColdFusion versions prior to 2023.21

Description

An unrestricted upload of files with dangerous types allows for arbitrary code execution in the context of the current user. The issue stems from improper input validation and content-type enforcement, enabling a remote attacker to send a crafted upload request to a reachable endpoint. Exploitation does not require user interaction and can lead to full server compromise, lateral movement, and data theft.

Recommendations

Upgrade to Adobe ColdFusion 2025.10 or later.
Upgrade to Adobe ColdFusion 2023.21 or later.

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2026-48276

Affected Products

ColdFusion