Uncontrolled Search Path Element Vulnerability in Adobe ColdFusion
CVE-2026-48363
8.2HIGH
What is CVE-2026-48363?
Adobe ColdFusion versions 2025.9, 2023.20, and earlier are impacted by an Uncontrolled Search Path Element vulnerability. This flaw can lead to arbitrary code execution in the context of the current user, necessitating user interaction to exploit. A victim must open a crafted file for exploitation to occur, which raises concerns about file handling and execution within the affected system.
Affected Version(s)
ColdFusion 0 <= 2025.9
ColdFusion 0 <= 2025.9
ColdFusion 0 <= 2023.20