CVE Tools
Back to feed
SecurityWeek ·EN-US News source Exploited in the wildAdobe ColdFusion

Critical Adobe ColdFusion Vulnerability Exploited in Attacks

By Ionut Arghire··2 min read
CVE Tools coverage

Attackers have started exploiting a critical path traversal vulnerability in Adobe ColdFusion shortly after it was made public, with proof of in-the-wild use reported for CVE-2026-48282 (CVSS 10/10). The flaw can enable arbitrary code execution, making it a high-impact risk for systems running Adobe ColdFusion versions patched by Adobe in ColdFusion 2025 update 10 and ColdFusion 2023 update 21. This matters because exploitation began within two hours of disclosure, leaving little time for organizations to validate and deploy mitigations before attackers moved.