SQL Injection Vulnerability in Adobe ColdFusion
CVE-2026-48324

9.1CRITICAL

Key Information:

Vendor

Adobe

Vendor
CVE Published:
14 July 2026

What is CVE-2026-48324?

Adobe ColdFusion is exposed to a vulnerability that leads to improper neutralization of special elements in SQL commands. This SQL injection flaw allows attackers to execute arbitrary code within the context of the current user without requiring any user interaction. This situation can lead to unauthorized access and manipulation of sensitive data, affecting the application's integrity and security posture. It is crucial for users and organizations utilizing ColdFusion to apply necessary patches and follow the security practices outlined in vendor advisories to mitigate potential threats.

Affected Version(s)

ColdFusion 2023 0 <= 21

ColdFusion 2023 0 <= 21

ColdFusion 2025 0 <= 10

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.