Insufficient Session Expiration Vulnerability in ColdFusion by Adobe
CVE-2026-48329

2.7LOW

Key Information:

Vendor

Adobe

Vendor
CVE Published:
14 July 2026

What is CVE-2026-48329?

Adobe ColdFusion contains a vulnerability related to insufficient session expiration, enabling a high-privileged attacker to bypass security features. This issue can lead to unauthorized write access without requiring user interaction, posing significant risks to application integrity and data confidentiality.

Affected Version(s)

ColdFusion 2023 0 <= 21

ColdFusion 2023 0 <= 21

ColdFusion 2025 0 <= 10

References

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.