CISA orders feds to patch max severity ColdFusion flaw by Friday

CISA orders feds to patch max severity ColdFusion flaw by Friday
CISA has directed U.S. federal agencies to patch the actively exploited Adobe ColdFusion vulnerability CVE-2026-48282 by Friday after reports showed attackers were using it to achieve remote code execution on unpatched systems. Adobe and security researchers warned that exploitation began shortly after disclosure, with hundreds of ColdFusion instances exposed online and additional ColdFusion and Campaign Classic flaws also recently patched. #AdobeColdFusion #CVE-2026-48282 #CISA #RyanDewhurst #Shadowserver

Keypoints

  • CISA ordered federal agencies to patch CVE-2026-48282 by Friday.
  • The flaw affects Adobe ColdFusion 2025.9, 2023.20, and earlier versions.
  • Remote attackers can exploit it without privileges to gain code execution.
  • Adobe urged administrators to install the fix as soon as possible.
  • Shadowserver tracks nearly 800 internet-exposed ColdFusion instances.

Read More: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-max-severity-coldfusion-flaw-by-friday/