Reflected Cross-Site Scripting Vulnerability in Adobe ColdFusion
CVE-2026-48320

8.5HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
14 July 2026

What is CVE-2026-48320?

Adobe ColdFusion is impacted by a reflected Cross-Site Scripting vulnerability, allowing attackers to inject malicious scripts into web pages. Exploiting this vulnerability may enable an attacker to gain unauthorized access or manipulate the victim's account or session. Victims must interact with the malicious file for exploitation to occur, raising significant concerns for users' security and data integrity.

Affected Version(s)

ColdFusion 2023 0 <= 21

ColdFusion 2023 0 <= 21

ColdFusion 2025 0 <= 10

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.