CVE Tools
Back to feed
BleepingComputer ·EN-US News source Exploited in the wildColdFusion

Max severity Adobe ColdFusion flaw now exploited in attacks

By Sergiu Gatlan··2 min read
CVE Tools coverage

Attackers are exploiting a max-severity Adobe ColdFusion vulnerability, CVE-2026-48282, with KEVIntel reporting in-the-wild use shortly after public details emerged. The issue affects ColdFusion versions 2025.9, 2023.20, and earlier and can enable remote code execution without needing attacker privileges, making unpatched systems a priority risk. Adobe has released fixes and urged administrators to apply updates immediately, with Canadian and other monitoring efforts also warning defenders to remediate.