Critical Adobe ColdFusion Path Traversal Exploited Within Hours of Patch Release
CVE-2026-48282, a CVSS 10.0 path traversal flaw in Adobe ColdFusion enabling arbitrary code execution, was exploited in-the-wild within two hours of public disclosure on June 30, 2026.
Attack Brief
TargetAdobe ColdFusionVectorPath traversal leading to arbitrary code executionAttributionunattributed
Technical Details
CVE IDsCVE-2026-48282MITRE ATT&CKT1190AffectedColdFusion 2025 (prior to update 10); ColdFusion 2023 (prior to update 21)
Impact
Confirmed DamageIn-the-wild exploitation confirmed by KEVIntel honeypot network and Canadian Centre for Cyber Security within hours of public disclosureGeographyCanada
Mitigation
PatchesAdobe ColdFusion 2025 update 10Adobe ColdFusion 2023 update 21
Source
https://www.securityweek.com/critical-adobe-coldfusion-vulnerability-exploited-in-attacks/on 2026-07-07T00:00:00Z2 sources