Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
4180 articles · 176130 vulns · 37/41 feeds (7d)
← Back to list
8.6
CVE-2026-48310EXPLOITEDPATCHED
adobe · adobe experience manager as a cloud service

Adobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Description

A vulnerability labeled as problematic has been found in Adobe Experience Manager. This issue affects some unknown processing of the component File System Access. Executing a manipulation of the argument pathname can lead to path traversal. This vulnerability is handled as CVE-2026-48310. The attack can be executed remotely.

Affected Products

VendorProductVersions
adobeadobe experience manager as a cloud service0, 0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
adobeexperiencecert_advisory90%

References

  • https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html(vendor-advisory)

Related News (2 articles)

Tier B
BSI Advisories5h ago
[NEU] [hoch] Adobe Experience Manager: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB16h ago
CVE-2026-48310 | Adobe Experience Manager File System Access pathname path traversal
→ No new info (linked only)
CVSS 3.18.6 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
2026.6.0SP2 - Hotfix for NPR-439726.5.25 - Hotfix for NPR-43972
CWECWE-22
PublishedJul 14, 2026
Last enriched16h agov2
Trending Score57
Source articles2
Independent2
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-48318EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 69
HIGHCVE-2026-48252EXP
Adobe Experience Manager | Missing Authentication for Critical Function (CWE-306)
Trending: 67
CRITICALCVE-2026-48284EXP
ColdFusion | Improper Input Validation (CWE-20)
Trending: 65
CRITICALCVE-2026-48322EXP
ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)
Trending: 65
CRITICALCVE-2026-48282EXPKEV
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 57

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Patch Available
Jul 14, 2026
Updated: description, activelyExploited
Jul 14, 2026

Version History

v2
Last enriched 16h ago
v2Tier C16h ago

Updated description with new technical details, marked exploit availability as false, and noted that the vulnerability is actively exploited.

descriptionactivelyExploited
via VulDB
v119h ago

Initial creation