Path Traversal Vulnerability in ColdFusion by Adobe
CVE-2026-27305
8.6HIGH
What is CVE-2026-27305?
A vulnerability in Adobe ColdFusion allows an attacker to exploit an improper limitation of a pathname to a restricted directory, commonly known as a path traversal issue. This flaw affects ColdFusion versions 2023.18, 2025.6, and earlier, enabling unauthorized access to sensitive files and directories beyond the intended scope. Exploitation of this vulnerability occurs without requiring user interaction, thereby increasing the risk of unauthorized data exposure.
Affected Version(s)
ColdFusion 0 <= 2025.6
References
EPSS Score
28% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved