Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic
Adobe has issued fixes for multiple highest-severity vulnerabilities affecting Adobe ColdFusion and Adobe Campaign Classic. In ColdFusion, multiple CVSS 10.0 issues (CVE-2026-48276, CVE-2026-48283, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282) plus additional high-severity flaws (CVE-2026-48313, CVE-2026-48315) could enable arbitrary code execution, privilege escalation, arbitrary file reads, and security bypasses, with patches available in ColdFusion 2023 Update 21 and ColdFusion 2025 Update 10. Adobe Campaign Classic is also affected by CVE-2026-48286 (CVSS 10.0), where incorrect authorization can lead to arbitrary code execution; it is fixed in ACC v7: 7.4.3 build 9397 for affected on-premise Windows and Linux deployments.