CVE Tools
Back to feed
Help Net Security ·EN-US News source Exploited in the wildAdobe ColdFusion

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)

By Zeljka Zorz··2 min read
CVE Tools coverage

Active exploitation attempts have been observed against Adobe ColdFusion shortly after patches were released on June 30, 2026. The targeted issue is CVE-2026-48282, a path traversal vulnerability that can be abused by remote, unauthenticated attackers to upload a malicious file and trigger arbitrary code execution via a web-accessible location. This matters because attackers can leverage the Remote Development Services (RDS) feature when it is enabled and access is not properly restricted, so organizations running affected ColdFusion versions should urgently update and hunt for suspicious artifacts.