Threat actors are exploiting CVE-2026-48282, a maximum-severity path traversal flaw in Adobe ColdFusion that can lead to arbitrary code execution. Adobe released emergency updates for ColdFusion 2025 and 2023, but exploitation reportedly began within two hours of public disclosure. #AdobeColdFusion #CVE-2026-48282 #KEVIntel #CanadianCentreforCyberSecurity
Keypoints
- CVE-2026-48282 is a critical Adobe ColdFusion path traversal flaw with a 10/10 CVSS score.
- The vulnerability can lead to arbitrary code execution on affected systems.
- Adobe patched the issue in ColdFusion 2025 update 10 and ColdFusion 2023 update 21.
- KEVIntel reported in-the-wild exploitation within two hours of public disclosure.
- The Canadian Centre for Cyber Security also warned that the flaw is being used in attacks.
Read More: https://www.securityweek.com/critical-adobe-coldfusion-vulnerability-exploited-in-attacks/