Path Traversal Vulnerability in Adobe ColdFusion
CVE-2026-48338

6.8MEDIUM

Key Information:

Vendor

Adobe

Vendor
CVE Published:
14 July 2026

What is CVE-2026-48338?

Adobe ColdFusion is susceptible to a path traversal vulnerability that enables attackers to read arbitrary files from the file system. This security flaw allows malicious actors to bypass directory restrictions, facilitating unauthorized access to sensitive files outside the designated access scope. Notably, the exploit can be executed without requiring any user interaction, making it imperative for users to address this issue promptly in order to safeguard their systems.

Affected Version(s)

ColdFusion 2023 0 <= 21

ColdFusion 2023 0 <= 21

ColdFusion 2025 0 <= 10

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.