Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3867 articles · 169563 vulns · 37/41 feeds (7d)
← Back to list
9.3
CVE-2026-48315EXPLOITEDPATCHED
adobe · coldfusion

ColdFusion | Improper Input Validation (CWE-20)

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Affected Products

VendorProductVersions
adobecoldfusion0

References

  • https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html(vendor-advisory)

Related News (1 articles)

Tier C
VulDB15h ago
CVE-2026-48315 | Adobe ColdFusion up to 2023.20/2025.9 File input validation (apsb26-68)
→ No new info (linked only)
CVSS 3.19.3 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
CWECWE-20
PublishedJun 30, 2026
Last enriched15h agov2
Trending Score51
Source articles1
Independent1
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-34621EXPKEV
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
Trending: 160
CRITICALCVE-2026-48282EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 59
CRITICALCVE-2026-48314EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 55
CRITICALCVE-2026-48276
ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
Trending: 53
HIGHCVE-2026-48285EXP
ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
Trending: 52

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Updated: description, affectedVersions, activelyExploited
Jun 30, 2026
Actively Exploited
Jul 1, 2026
Patch Available
Jul 1, 2026

Version History

v2
Last enriched 15h ago
v2Tier C15h ago

Updated description with new details, changed exploit availability to false, and marked the vulnerability as actively exploited.

descriptionaffectedVersionsactivelyExploited
via VulDB
v117h ago

Initial creation