SecurityWeek ·EN-US News source Exploited in the wildAdobe ColdFusion
Critical Adobe ColdFusion Vulnerability Exploited in Attacks
CVE Tools coverage
Attackers have started exploiting a critical path traversal vulnerability in Adobe ColdFusion shortly after it was made public, with proof of in-the-wild use reported for CVE-2026-48282 (CVSS 10/10). The flaw can enable arbitrary code execution, making it a high-impact risk for systems running Adobe ColdFusion versions patched by Adobe in ColdFusion 2025 update 10 and ColdFusion 2023 update 21. This matters because exploitation began within two hours of disclosure, leaving little time for organizations to validate and deploy mitigations before attackers moved.