ColdFusion | Incorrect Authorization (CWE-863)
CVE-2026-47929

8.4HIGH

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-47929?

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.

Affected Version(s)

ColdFusion 0 <= 2025.8

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 20, 2026

CVE-2026-47929 Data

JSON

Adobe

What is CVE-2026-47929?

Affected Version(s)

References

CVSS V3.1

Timeline