Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3843 articles · 169523 vulns · 37/41 feeds (7d)
← Back to list
8.6
CVE-2026-48285EXPLOITEDPATCHED
adobe · coldfusion

ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.

Affected Products

VendorProductVersions
adobecoldfusion0

References

  • https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html(vendor-advisory)

Related News (1 articles)

Tier C
VulDB16h ago
CVE-2026-48285 | Adobe ColdFusion up to 2023.20/2025.9 server-side request forgery (apsb26-68)
→ No new info (linked only)
CVSS 3.18.6 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
CWECWE-918
PublishedJun 30, 2026
Last enriched14h agov2
Trending Score52
Source articles1
Independent1
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-34621EXPKEV
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
Trending: 162
CRITICALCVE-2026-48282EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 60
CRITICALCVE-2026-48314EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 56
CRITICALCVE-2026-48315EXP
ColdFusion | Improper Input Validation (CWE-20)
Trending: 51
CRITICALCVE-2026-48277
ColdFusion | Improper Input Validation (CWE-20)
Trending: 43

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Updated: severity, activelyExploited
Jun 30, 2026
Actively Exploited
Jun 30, 2026
Patch Available
Jun 30, 2026

Version History

v2
Last enriched 14h ago
v2Tier C14h ago

Updated severity to CRITICAL, marked exploit as not available, and noted that the vulnerability is actively exploited.

severityactivelyExploited
via VulDB
v115h ago

Initial creation