AI description
CVE-2026-48282 is identified as a path traversal vulnerability affecting Adobe ColdFusion versions 2025.9, 2023.20, and earlier releases. This flaw, categorized as an Improper Limitation of a Pathname to a Restricted Directory (CWE-22), allows an attacker to execute arbitrary code in the context of the current user. Exploitation of CVE-2026-48282 does not require user interaction or any specific privileges, making it accessible over a network by sending crafted HTTP requests to a ColdFusion endpoint. Attackers can manipulate file system paths using traversal sequences to access or write files outside of the intended restricted directory, which can then be chained to achieve arbitrary code execution. This vulnerability has been observed under active exploitation shortly after its public disclosure.
- Description
- ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
- Products
- coldfusion
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@adobe.com
- CWE-22
- Hype score
- Not currently trending
🚨 Adobe ColdFusion'da kritik RCE açığı (CVE-2026-48282) CVSS: 10.0 Path Traversal zafiyeti nedeniyle saldırganlar, kullanıcı etkileşimi gerektirmeden (UI) uzaktan özel hazırlanmış isteklerle etkilenen ColdFusion sunucularında uygulamanın çalıştığı kullan
@ridvanyagli
3 Jul 2026
228 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Adobe ColdFusionの重大な任意コード実行脆弱性CVE-2026-48282が実際に悪用されている。パストラバーサルの不備により、利用者操作なしで遠隔からサーバーを乗っ取られる恐れがあり、緊急パッチ適用が求められて
@yousukezan
3 Jul 2026
1874 Impressions
2 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
AdobeがColdFusionでCVSSスコア10の脆弱性6件を修正。CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282。なお、今後定例更新は月2回になるとのこと。Campaign ClassicでもCVSSスコア10のCVE-2026-48286が修正されて
@__kokumoto
1 Jul 2026
759 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
1 Quote
Adobe ColdfusionでCVSSスコア10の脆弱性6件が修正。6/30に11件の脆弱性が修正されたうちの一部。無制限のファイルアップロードCVE-2026-48276及びCVE-2026-48283、入力検証不備CVE-2026-48277、CVE-2026-48281、CVE-2026-48316、パスト
@__kokumoto
30 Jun 2026
764 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
ARETIQ Daily Vulnerability Bulletin — June 30, 2026 🟣 EMERGENCY: CVE-2026-48282 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48281 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48283 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48277 (adobe/coldfusion
@AretiqAI
30 Jun 2026
621 Impressions
1 Retweet
11 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*",
"matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*",
"matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*",
"matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*",
"matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*",
"matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*",
"matchCriteriaId": "CBC19168-4184-4B59-B9C8-E98844124EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*",
"matchCriteriaId": "A60DCD92-9A5B-411C-9554-642C91D77FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:*",
"matchCriteriaId": "58CC65EF-60A3-4DFA-AA51-E5013F116CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:*",
"matchCriteriaId": "2E3EBFB1-4488-4924-A2E2-B7E422D68345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:*",
"matchCriteriaId": "A683F9B2-A0DC-4AA0-BE97-9E74FA200AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:*",
"matchCriteriaId": "8689F35F-9A81-45D2-B782-DBA12306BA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:*",
"matchCriteriaId": "5FAA5985-4B25-46C5-8064-0713AB251704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*",
"matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update20:*:*:*:*:*:*",
"matchCriteriaId": "9E3884AF-7A1A-4604-B653-6694B7BD1E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*",
"matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*",
"matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*",
"matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*",
"matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*",
"matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*",
"matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*",
"matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*",
"matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*",
"matchCriteriaId": "80D7FC6A-F264-4CB1-A18D-B091EBA47882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*",
"matchCriteriaId": "E3DA0D20-93BA-4C76-A400-159853CD7277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:*",
"matchCriteriaId": "5BAB6F21-61F1-43AB-88BA-553CD9AD6C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:*",
"matchCriteriaId": "C85288B9-5D63-49EA-828A-8DB3BB2367F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:*",
"matchCriteriaId": "3882A011-5A01-48E7-B5E7-5A837B1CE245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:*",
"matchCriteriaId": "AACCE621-3380-4144-BA1B-AA26FE96B902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:*",
"matchCriteriaId": "EBC62370-3FA2-4AF7-A201-4155D09051F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:*",
"matchCriteriaId": "D7616F34-9422-4815-806F-4484F68ED2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update9:*:*:*:*:*:*",
"matchCriteriaId": "FB078BC9-164F-46D0-99F8-086F93FF2046",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]