Cyber Security News

Adobe Patches Critical Apache Tika Bug in ColdFusion

CybersecurityNews
Adobe Patches Critical Apache Tika Bug in ColdFusion

Adobe released security updates for 11 products in January 2026, fixing 25 vulnerabilities including a critical XML External Entity (XXE) injection flaw in Apache Tika modules used by ColdFusion. These patches help prevent exploits like information leaks, SSRF, DoS, and remote code execution, but Adobe reports no known active attacks. #ApacheTika #ColdFusionUpdate #XXEInjection

Keypoints

  • Adobe released security patches for 11 products addressing 25 vulnerabilities in January 2026.
  • The critical flaw CVE-2025-66516 involves an XXE injection in Apache Tika modules used by ColdFusion.
  • Adobe urged users to update ColdFusion to versions 2025 Update 6 and 2023 Update 18 to mitigate this vulnerability.
  • High-severity flaws were fixed in Dreamweaver, Bridge, Illustrator, and other Adobe applications.
  • Microsoft patched 112 vulnerabilities, including a zero-day actively exploited in attacks.

Read More: https://www.securityweek.com/adobe-patches-critical-apache-tika-bug-in-coldfusion/

SHARE THIS STORY

WhatsAppX (Twitter)TelegramBlueskyFacebookLinkedInThreadsEmailPrint