BleepingComputer ·EN-US News source Exploited in the wildAdobe ColdFusion
CISA orders feds to patch max severity ColdFusion flaw by Friday
CVE Tools coverage
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal civilian agencies to remediate an actively exploited, maximum-severity vulnerability in Adobe ColdFusion by Friday, June 10. The issue, tracked as CVE-2026-48282, impacts ColdFusion versions 2025.9 and 2023.20 (and earlier) and can allow remote attackers to execute code on unpatched systems without special privileges. Adobe has already released security updates and warned administrators to deploy them immediately, underscoring the fast-moving exploitation risk that prompted CISA to add CVE-2026-48282 to its Known Exploited Vulnerabilities catalog.