Critical Adobe ColdFusion flaw comes under exploitation two hours after disclosure

 

Critical Adobe ColdFusion flaw comes under exploitation two hours after disclosure

Attackers have begun exploiting a recently disclosed Adobe ColdFusion security flaw, tracked as CVE-2026-48282.

The vulnerability affects ColdFusion 2025.9, 2023.20, and earlier versions. It allows attackers to run code on vulnerable systems without needing special access. The vulnerability exists due to path traversal in ColdFusion when processing crafted path input. A remote attacker can supply a crafted pathname to execute arbitrary code.

Adobe released security updates last week, warning that the flaw was at high risk of being exploited.

According to vulnerability intelligence company KEVIntel, attackers began exploiting the flaw less than two hours after Adobe published details about it. Users are strongly advised to apply patches to minimize the risk of a cybersecurity compromise.

 

Back to the list