CVE-2026-48277

Published Jun 30, 2026

Last updated an hour ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-48277 is an Improper Input Validation vulnerability (CWE-20) found in Adobe ColdFusion. This flaw allows for unauthenticated remote code execution, meaning an attacker can execute arbitrary code on affected systems without needing to authenticate or requiring any user interaction. It is categorized as a critical vulnerability due to its potential impact. The vulnerability affects Adobe ColdFusion 2025 Update 9 and earlier, as well as ColdFusion 2023 Update 20 and earlier. Exploitation can occur via a network-based attack vector with low complexity, making it reliably triggerable without prerequisite conditions or prior access. Adobe addressed this issue in security bulletin APSB26-68, releasing patches in ColdFusion 2025 Update 10 and ColdFusion 2023 Update 21.

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Source: psirt@adobe.com
NVD status: Analyzed
Products: coldfusion

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

psirt@adobe.com
CWE-20

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

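  1. Adobe has fixed six vulnerabilities with a CVSS score of 10 in ColdFusion. CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282. Also, regular updates will reportedly be released twice a month from now on. In Campaign Classic as well, CVE-2026-48286 with a CVSS score of 10 has been fixed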

    @__kokumoto

    1 Jul 2026

    560 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Adobe ColdFusion versions 2025.9, 2023.20 and earlier are affected by critical security vulnerabilities that can be exploited by attackers without privileges to gain remote code execution on unpatched systems. - CVE-2026-48276 - CVE-2026-48277 - CVE-2026-48281 - CVE-2026-48316 -

    @techepages

    1 Jul 2026

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔐🚨 CRITICAL: Adobe ColdFusion 3-CVE Cluster — CVSS 10.0 + 8.8 CVE-2026-48276: Unrestricted upload RCE (10.0) CVE-2026-48277: Input validation RCE (10.0) CVE-2026-48307: Reflected XSS (8.8) 🔗 https://t.co/SSeRCrFEcW #CyberSecurity #ThreatIntel #infosec #ColdFusion

    @ThreatAft

    1 Jul 2026

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

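  4. Six vulnerabilities with a CVSS score of 10 have been fixed in Adobe Coldfusion. They are some of the 11 vulnerabilities fixed on 6/30. Unrestricted file upload CVE-2026-48276 and CVE-2026-48283, improper input validation CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, path t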

    @__kokumoto

    30 Jun 2026

    755 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. ARETIQ Daily Vulnerability Bulletin — June 30, 2026 🟣 EMERGENCY: CVE-2026-48282 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48281 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48283 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48277 (adobe/coldfusion

    @AretiqAI

    30 Jun 2026

    620 Impressions

    1 Retweet

    11 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.