Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3860 articles · 169563 vulns · 37/41 feeds (7d)
← Back to list
10.0
CVE-2026-48276PATCHED
adobe · coldfusion

ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Affected Products

VendorProductVersions
adobecoldfusion0

References

  • https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html(vendor-advisory)

Related News (2 articles)

Tier D
BleepingComputer3h ago
Adobe patches seven max severity ColdFusion, Campaign flaws
→ No new info (linked only)
Tier C
VulDB19h ago
CVE-2026-48276 | Adobe ColdFusion up to 2023.20/2025.9 unrestricted upload (apsb26-68)
→ No new info (linked only)
CVSS 3.110.0 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited❌ No
Patch available
https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
CWECWE-434
PublishedJun 30, 2026
Last enriched17h agov2
Trending Score53
Source articles2
Independent2
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-34621EXPKEV
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
Trending: 160
CRITICALCVE-2026-48282EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 59
CRITICALCVE-2026-48314EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 55
HIGHCVE-2026-48285EXP
ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
Trending: 52
CRITICALCVE-2026-48315EXP
ColdFusion | Improper Input Validation (CWE-20)
Trending: 50

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Updated: affectedVersions
Jun 30, 2026
Patch Available
Jul 1, 2026

Version History

v2
Last enriched 17h ago
v2Tier C17h ago

Updated affected versions to include 2023.20 and 2025.9, and corrected exploit availability to false.

affectedVersions
via VulDB
v118h ago

Initial creation