Improper Input Validation in ColdFusion by Adobe
CVE-2026-48315

9.3 CRITICAL

Key Information:

Vendor: Adobe
CVE Published: 30 June 2026

What is CVE-2026-48315?

ColdFusion versions 2025.9, 2023.20, and earlier are susceptible to an improper input validation issue that enables attackers to execute arbitrary code within the context of the affected user. This vulnerability allows attackers to inject malicious scripts into web pages, posing a risk of elevated access or control over victims' accounts or sessions. Successful exploitation necessitates that the victim interacts with a malicious file, highlighting the importance of user vigilance and proactive cybersecurity measures.

Affected Version(s)

ColdFusion 0 <= 2023.20

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
