Хакер (xakep.ru) ·RU-RU Restricted Exploited in the wildAdobe ColdFusion
Критический баг в Adobe ColdFusion уже используется в атаках
CVE Tools coverage
A critical vulnerability in Adobe ColdFusion (CVE-2026-48282) has already been used in attacks less than two hours after its details were disclosed. The flaw allows unauthenticated attackers to write arbitrary files, potentially leading to remote code execution. It affects ColdFusion 2025.9, 2023.20, and earlier versions, and was patched last week. Attackers have already attempted exploitation using IP addresses like 103.207.14.220, targeting system files such as C:\Windows\win.ini. Canadian cybersecurity authorities and global honeypot networks confirmed active exploitation. Adobe also addressed seven other high-severity issues in the same update.