CVE-2026-48282

Published Jun 30, 2026

Last updated 5 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-48282 is identified as a path traversal vulnerability affecting Adobe ColdFusion versions 2025.9, 2023.20, and earlier releases. This flaw, categorized as an Improper Limitation of a Pathname to a Restricted Directory (CWE-22), allows an attacker to execute arbitrary code in the context of the current user. Exploitation of CVE-2026-48282 does not require user interaction or any specific privileges, making it accessible over a network by sending crafted HTTP requests to a ColdFusion endpoint. Attackers can manipulate file system paths using traversal sequences to access or write files outside of the intended restricted directory, which can then be chained to achieve arbitrary code execution. This vulnerability has been observed under active exploitation shortly after its public disclosure.

Description
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
Source
psirt@adobe.com
NVD status
Analyzed
Products
coldfusion

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@adobe.com
CWE-22

Social media

Hype score
Not currently trending
  1. 🚨 Adobe ColdFusion'da kritik RCE açığı (CVE-2026-48282) CVSS: 10.0 Path Traversal zafiyeti nedeniyle saldırganlar, kullanıcı etkileşimi gerektirmeden (UI) uzaktan özel hazırlanmış isteklerle etkilenen ColdFusion sunucularında uygulamanın çalıştığı kullan

    @ridvanyagli

    3 Jul 2026

    228 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Adobe ColdFusionの重大な任意コード実行脆弱性CVE-2026-48282が実際に悪用されている。パストラバーサルの不備により、利用者操作なしで遠隔からサーバーを乗っ取られる恐れがあり、緊急パッチ適用が求められて

    @yousukezan

    3 Jul 2026

    1874 Impressions

    2 Retweets

    11 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. AdobeがColdFusionでCVSSスコア10の脆弱性6件を修正。CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282。なお、今後定例更新は月2回になるとのこと。Campaign ClassicでもCVSSスコア10のCVE-2026-48286が修正されて

    @__kokumoto

    1 Jul 2026

    759 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    1 Quote

  4. Adobe ColdfusionでCVSSスコア10の脆弱性6件が修正。6/30に11件の脆弱性が修正されたうちの一部。無制限のファイルアップロードCVE-2026-48276及びCVE-2026-48283、入力検証不備CVE-2026-48277、CVE-2026-48281、CVE-2026-48316、パスト

    @__kokumoto

    30 Jun 2026

    764 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. ARETIQ Daily Vulnerability Bulletin — June 30, 2026 🟣 EMERGENCY: CVE-2026-48282 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48281 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48283 (adobe/coldfusion) AAS 16.3 🟣 EMERGENCY: CVE-2026-48277 (adobe/coldfusion

    @AretiqAI

    30 Jun 2026

    621 Impressions

    1 Retweet

    11 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.