Uncontrolled Search Path Element Vulnerability in Adobe ColdFusion
CVE-2026-48363

8.2HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
13 July 2026

What is CVE-2026-48363?

Adobe ColdFusion versions 2025.9, 2023.20, and earlier are impacted by an Uncontrolled Search Path Element vulnerability. This flaw can lead to arbitrary code execution in the context of the current user, necessitating user interaction to exploit. A victim must open a crafted file for exploitation to occur, which raises concerns about file handling and execution within the affected system.

Affected Version(s)

ColdFusion 0 <= 2025.9

ColdFusion 0 <= 2025.9

ColdFusion 0 <= 2023.20

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.