AI description
CVE-2026-48277 is an Improper Input Validation vulnerability (CWE-20) found in Adobe ColdFusion. This flaw allows for unauthenticated remote code execution, meaning an attacker can execute arbitrary code on affected systems without needing to authenticate or requiring any user interaction. It is categorized as a critical vulnerability due to its potential impact. The vulnerability affects Adobe ColdFusion 2025 Update 9 and earlier, as well as ColdFusion 2023 Update 20 and earlier. Exploitation can occur via a network-based attack vector with low complexity, making it reliably triggerable without prerequisite conditions or prior access. Adobe addressed this issue in security bulletin APSB26-68, releasing patches in ColdFusion 2025 Update 10 and ColdFusion 2023 Update 21.
- Description
- ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
- Products
- coldfusion
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@adobe.com
- CWE-20
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
AdobeがColdFusionでCVSSスコア10の脆弱性6件を修正。CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282。なお、今後定例更新は月2回になるとのこと。Campaign ClassicでもCVSSスコア10のCVE-2026-48286が修正されて
@__kokumoto
1 Jul 2026
560 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Adobe ColdFusion versions 2025.9, 2023.20 and earlier are affected by critical security vulnerabilities that can be exploited by attackers without privileges to gain remote code execution on unpatched systems. - CVE-2026-48276 - CVE-2026-48277 - CVE-2026-48281 - CVE-2026-48316 -
@techepages
1 Jul 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐🚨 CRITICAL: Adobe ColdFusion 3-CVE Cluster — CVSS 10.0 + 8.8 CVE-2026-48276: Unrestricted upload RCE (10.0) CVE-2026-48277: Input validation RCE (10.0) CVE-2026-48307: Reflected XSS (8.8) 🔗 https://t.co/SSeRCrFEcW #CyberSecurity #ThreatIntel #infosec #ColdFusion
@ThreatAft
1 Jul 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe ColdfusionでCVSSスコア10の脆弱性6件が修正。6/30に11件の脆弱性が修正されたうちの一部。無制限のファイルアップロードCVE-2026-48276及びCVE-2026-48283、入力検証不備CVE-2026-48277、CVE-2026-48281、CVE-2026-48316、パスト
@__kokumoto
30 Jun 2026
755 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
ARETIQ Daily Vulnerability Bulletin — June 30, 2026 🟣 EMERGENCY: CVE-2026-48282 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48281 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48283 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48277 (adobe/coldfusion
@AretiqAI
30 Jun 2026
620 Impressions
1 Retweet
11 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*",
"matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*",
"matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*",
"matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*",
"matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*",
"matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*",
"matchCriteriaId": "CBC19168-4184-4B59-B9C8-E98844124EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*",
"matchCriteriaId": "A60DCD92-9A5B-411C-9554-642C91D77FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:*",
"matchCriteriaId": "58CC65EF-60A3-4DFA-AA51-E5013F116CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:*",
"matchCriteriaId": "2E3EBFB1-4488-4924-A2E2-B7E422D68345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:*",
"matchCriteriaId": "A683F9B2-A0DC-4AA0-BE97-9E74FA200AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:*",
"matchCriteriaId": "8689F35F-9A81-45D2-B782-DBA12306BA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:*",
"matchCriteriaId": "5FAA5985-4B25-46C5-8064-0713AB251704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*",
"matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update20:*:*:*:*:*:*",
"matchCriteriaId": "9E3884AF-7A1A-4604-B653-6694B7BD1E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*",
"matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*",
"matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*",
"matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*",
"matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*",
"matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*",
"matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*",
"matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*",
"matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*",
"matchCriteriaId": "80D7FC6A-F264-4CB1-A18D-B091EBA47882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*",
"matchCriteriaId": "E3DA0D20-93BA-4C76-A400-159853CD7277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:*",
"matchCriteriaId": "5BAB6F21-61F1-43AB-88BA-553CD9AD6C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:*",
"matchCriteriaId": "C85288B9-5D63-49EA-828A-8DB3BB2367F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:*",
"matchCriteriaId": "3882A011-5A01-48E7-B5E7-5A837B1CE245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:*",
"matchCriteriaId": "AACCE621-3380-4144-BA1B-AA26FE96B902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:*",
"matchCriteriaId": "EBC62370-3FA2-4AF7-A201-4155D09051F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:*",
"matchCriteriaId": "D7616F34-9422-4815-806F-4484F68ED2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update9:*:*:*:*:*:*",
"matchCriteriaId": "FB078BC9-164F-46D0-99F8-086F93FF2046",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]