CVE Tools
Back to feed
watchTowr Labs ·EN Vendor research Patch releasedAdobe ColdFusion

It’s 37oC, And All We Can Think About Is ColdFusion (Adobe ColdFusion Security Bulletin APSB26-68 CVE Bonanza)

By Sina Kheirkhah (@SinSinology)··10 min read
CVE Tools coverage

Adobe has released APSB26-68 addressing a large set of security issues in Adobe ColdFusion, impacting ColdFusion 2025 (Update 9 and below) and ColdFusion 2023 (Update 20 and below). The bulletin includes fixes for multiple remote-impact vulnerabilities such as CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282, CVE-2026-48283, CVE-2026-48313, CVE-2026-48315, CVE-2026-48307, CVE-2026-48285, and CVE-2026-48314. These issues matter because they can enable arbitrary file read/write and privilege escalation pathways—potentially escalating to remote code execution when vulnerable features are reachable and misconfigured.

We’re back, melting - we’ve tried shouting, screaming, and throwing things at the Sun, and it is just not working.

Before we begin our analysis, we want to be clear - given the number of vulnerabilities fixed (and some not mentioned..), we’ve struggled to have confidence in our attribution of “vulnerability <> specific CVE ID”.…

Continue reading on watchTowr Labs