Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
4226 articles · 176099 vulns · 37/41 feeds (7d)
← Back to list
9.6
CVE-2026-48284EXPLOITEDPATCHED
adobe · coldfusion

ColdFusion | Improper Input Validation (CWE-20)

Description

ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Affected Products

VendorProductVersions
adobecoldfusion0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
adobecoldfusioncert_advisory90%

References

  • https://helpx.adobe.com/security/products/coldfusion/apsb26-82.html(vendor-advisory)

Related News (2 articles)

Tier B
BSI Advisories4h ago
[NEU] [hoch] Adobe ColdFusion: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB14h ago
CVE-2026-48284 | Adobe ColdFusion 2023/2025 input validation
→ No new info (linked only)
CVSS 3.19.6 CRITICAL
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
1122
CWECWE-20
PublishedJul 14, 2026
Last enriched14h agov2
Trending Score65
Source articles2
Independent2
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-48318EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 69
HIGHCVE-2026-48252EXP
Adobe Experience Manager | Missing Authentication for Critical Function (CWE-306)
Trending: 67
CRITICALCVE-2026-48322EXP
ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)
Trending: 65
CRITICALCVE-2026-48282EXPKEV
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 58
HIGHCVE-2026-48310EXP
Adobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 57

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: affectedVersions, activelyExploited
Jul 15, 2026
Actively Exploited
Jul 15, 2026
Patch Available
Jul 15, 2026

Version History

v2
Last enriched 14h ago
v2Tier C14h ago

Updated affected versions to 2023 and 2025, marked exploit availability as false, and noted that the vulnerability is actively exploited.

affectedVersionsactivelyExploited
via VulDB
v117h ago

Initial creation