Improper Input Validation in ColdFusion by Adobe
CVE-2026-48316

10CRITICAL

Key Information:

Vendor

Adobe

Vendor
CVE Published:
6 July 2026

What is CVE-2026-48316?

ColdFusion versions 2025.9 and 2023.20 are vulnerable to improper input validation, which may allow attackers to execute arbitrary code without requiring user interaction. This severity of this risk emphasizes the need for immediate attention by organizations using the affected versions. To protect sensitive information and system integrity, it is crucial to apply the latest security updates provided by Adobe.

Affected Version(s)

ColdFusion 0 <= 2023.20

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.