Unrestricted File Upload Risk in Adobe ColdFusion Products
CVE-2026-48283

10CRITICAL

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-48283?

Adobe ColdFusion versions 2025.9, 2023.20, and earlier have a vulnerability that allows for unrestricted upload of files that can execute dangerous code. Attackers can exploit this vulnerability to execute arbitrary code within the context of the currently authenticated user, without requiring any interaction from the user. This jeopardizes the security of applications built on ColdFusion, making it crucial for affected users to apply necessary patches or updates to mitigate the risk.

Affected Version(s)

ColdFusion 0 <= 2023.20

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
May 21, 2026

CVE-2026-48283 Data

JSON