SQL Injection Vulnerability in Adobe ColdFusion
CVE-2026-48324
9.1CRITICAL
What is CVE-2026-48324?
Adobe ColdFusion is exposed to a vulnerability that leads to improper neutralization of special elements in SQL commands. This SQL injection flaw allows attackers to execute arbitrary code within the context of the current user without requiring any user interaction. This situation can lead to unauthorized access and manipulation of sensitive data, affecting the application's integrity and security posture. It is crucial for users and organizations utilizing ColdFusion to apply necessary patches and follow the security practices outlined in vendor advisories to mitigate potential threats.
Affected Version(s)
ColdFusion 2023 0 <= 21
ColdFusion 2023 0 <= 21
ColdFusion 2025 0 <= 10