๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-48282: Adobe ColdFusion Path Traversal Vulnerability
Summary
Adobe ColdFusion has a path traversal vulnerability (a flaw that lets attackers access files outside their intended directory) that could allow attackers to run arbitrary code (commands of their choice) with the same permissions as the current user. This vulnerability is currently being exploited by attackers in real-world attacks.
Solution / Mitigation
Apply mitigations according to Adobe's vendor instructions at https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html, following CISA's BOD 26-04 guidance for prioritizing security updates. If mitigations are unavailable, discontinue use of the product. The patch deadline is 2026-07-10.
Vulnerability Details
EPSS: 1.0%
Yes
๐ฅ Actively Exploited
July 6, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-48282
First tracked: July 7, 2026 at 08:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%