Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
4181 articles · 176130 vulns · 37/41 feeds (7d)
← Back to list
9.9
CVE-2026-48318EXPLOITEDPATCHED
adobe · coldfusion

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Description

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.

Affected Products

VendorProductVersions
adobecoldfusion0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
adobecoldfusioncert_advisory90%

References

  • https://helpx.adobe.com/security/products/coldfusion/apsb26-82.html(vendor-advisory)

Related News (3 articles)

Tier B
BSI Advisories4h ago
[NEU] [hoch] Adobe ColdFusion: Mehrere Schwachstellen
→ No new info (linked only)
Tier D
CSO Online13h ago
Patch Tuesday roundup: Microsoft fixes a monthly record 569 holes; SAP patches a critical memory corruption bug
→ No new info (linked only)
Tier C
VulDB15h ago
CVE-2026-48318 | Adobe ColdFusion 2023/2025 Pathname path traversal
→ No new info (linked only)
CVSS 3.19.9 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
1122
CWECWE-22
PublishedJul 14, 2026
Last enriched15h agov2
Trending Score69
Source articles3
Independent3
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-48252EXP
Adobe Experience Manager | Missing Authentication for Critical Function (CWE-306)
Trending: 67
CRITICALCVE-2026-48284EXP
ColdFusion | Improper Input Validation (CWE-20)
Trending: 65
CRITICALCVE-2026-48322EXP
ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)
Trending: 65
HIGHCVE-2026-48310EXP
Adobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 57
CRITICALCVE-2026-48282EXPKEV
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 57

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: affectedVersions, activelyExploited
Jul 15, 2026
Actively Exploited
Jul 15, 2026
Patch Available
Jul 15, 2026

Version History

v2
Last enriched 15h ago
v2Tier C15h ago

Updated affected versions to include 2023 and 2025, marked as actively exploited, and noted that no exploit is available.

affectedVersionsactivelyExploited
via VulDB
v118h ago

Initial creation