CVE-2026-47928 – Adobe ColdFusion

CVSS 9.6 CRITICAL Critical or Zero Day – Immediate Deployment

“ColdFusion exposure can move fast from file access to code execution.”

This security update addresses multiple critical and high-severity vulnerabilities in Adobe ColdFusion. The patch covers path traversal, improper input validation, incorrect authorization, and XXE issues that could lead to arbitrary code execution, privilege escalation, unauthorized file access, arbitrary file system read, or security feature bypass.

CVE-2026-48282 has a CVSS score of 10.0, which is Critical severity. CVE-2026-47928 has a CVSS score of 9.6, which is Critical severity. CVE-2026-47929 has a CVSS score of 8.4, which is High severity. CVE-2026-47930 has a CVSS score of 8.1, which is High severity. CVE-2026-47931 has a CVSS score of 8.4, which is High severity. CVE-2026-47932 has a CVSS score of 8.8, which is High severity. CVE-2026-47960 has a CVSS score of 7.4, which is High severity. CVE-2026-48282 is confirmed as actively exploited in the wild.

Key Details

Affected Product
Adobe Coldfusion
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-20
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.