BleepingComputer ·EN-US News source Exploited in the wildColdFusion
Max severity Adobe ColdFusion flaw now exploited in attacks
CVE Tools coverage
Attackers are exploiting a max-severity Adobe ColdFusion vulnerability, CVE-2026-48282, with KEVIntel reporting in-the-wild use shortly after public details emerged. The issue affects ColdFusion versions 2025.9, 2023.20, and earlier and can enable remote code execution without needing attacker privileges, making unpatched systems a priority risk. Adobe has released fixes and urged administrators to apply updates immediately, with Canadian and other monitoring efforts also warning defenders to remediate.