Improper Input Validation Vulnerability in Adobe ColdFusion
CVE-2026-48277

10CRITICAL

Key Information:

Vendor

Adobe
Status
Coldfusion
Vendor
CVE Published:
30 June 2026

What is CVE-2026-48277?

A vulnerability exists in Adobe ColdFusion that arises from improper input validation in versions 2025.9, 2023.20, and earlier. This flaw may allow attackers to execute arbitrary code in the context of the current user without requiring any user interaction. Successful exploitation can enable unauthorized actions that compromise the integrity and security of the server. For detailed information on this vulnerability and recommended mitigation measures, refer to the Adobe security advisory.

Affected Version(s)

ColdFusion 0 <= 2023.20

References

https://helpx.adobe.com/security/products/coldfusion/apsb...
vendor-advisory

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.