Adobe Coldfusion 2023
13 CVEs affecting Adobe Coldfusion 2023. Latest disclosed: 2026-07-14. Critical: 8, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-48318 | Critical | 9.9 | 2026-07-14 | ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sys… |
CVE-2026-48322 | Critical | 9.6 | 2026-07-14 | ColdFusion is affected by an Improper Control of Generation of Code ('Code Injection') vulnerability that could result in arbitrary code execution in the conte… |
CVE-2026-48284 | Critical | 9.6 | 2026-07-14 | ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploita… |
CVE-2026-48325 | Critical | 9.3 | 2026-07-14 | ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the curr… |
CVE-2026-48321 | Critical | 9.3 | 2026-07-14 | ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to… |
CVE-2026-48324 | Critical | 9.1 | 2026-07-14 | ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary… |
CVE-2026-48319 | Critical | 9.1 | 2026-07-14 | ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code e… |
CVE-2026-48327 | Critical | 9.0 | 2026-07-14 | ColdFusion is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati… |
CVE-2026-48320 | High | 8.5 | 2026-07-14 | ColdFusion is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a… |
CVE-2026-48332 | High | 7.7 | 2026-07-14 | ColdFusion is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could le… |
CVE-2026-48328 | High | 7.7 | 2026-07-14 | ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage t… |
CVE-2026-48338 | Medium | 6.8 | 2026-07-14 | ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sys… |
CVE-2026-48329 | Low | 2.7 | 2026-07-14 | ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could lev… |