Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities
Adobe has issued security updates for ColdFusion and Adobe Campaign Classic to address multiple high-severity vulnerabilities, some rated 10/10. Adobe Campaign Classic patches include CVE-2026-48286, which could enable arbitrary code execution via an authorization weakness, with fixes shipped in version 7.4.3 build 9397 for Windows and Linux. For ColdFusion, updates for 2025 and 2023 resolve several issues including CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282, CVE-2026-48283, along with other critical flaws such as CVE-2026-48313 and CVE-2026-48315, CVE-2026-48307, CVE-2026-48285, and CVE-2026-48314; these bugs stem from problems like unsafe file upload handling, input validation gaps, XSS, SSRF, and path traversal. Adobe notes no public exploits are known, but the updates are treated as high priority, so users should apply them promptly.