CVE-2026-47960 – Adobe ColdFusion
“ColdFusion exposure can move fast from file access to code execution.”
This security update addresses multiple critical and high-severity vulnerabilities in Adobe ColdFusion. The patch covers path traversal, improper input validation, incorrect authorization, and XXE issues that could lead to arbitrary code execution, privilege escalation, unauthorized file access, arbitrary file system read, or security feature bypass.
CVE-2026-48282 has a CVSS score of 10.0, which is Critical severity. CVE-2026-47928 has a CVSS score of 9.6, which is Critical severity. CVE-2026-47929 has a CVSS score of 8.4, which is High severity. CVE-2026-47930 has a CVSS score of 8.1, which is High severity. CVE-2026-47931 has a CVSS score of 8.4, which is High severity. CVE-2026-47932 has a CVSS score of 8.8, which is High severity. CVE-2026-47960 has a CVSS score of 7.4, which is High severity. CVE-2026-48282 is confirmed as actively exploited in the wild.
Key Details
- Affected Product
- Adobe Coldfusion
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-611