Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic.
The ColdFusion updates “resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file system read, and security feature bypass,” Adobe said in an alert released Tuesday.
The vulnerabilities are listed below –
- CVE-2026-48276, CVE-2026-48283 (CVSS scores: 10.0) – Unrestricted upload of file with dangerous type vulnerabilities that could lead to arbitrary code execution
- CVE-2026-48277, CVE-2026-48281, CVE-2026-48316 (CVSS scores: 10.0) – Improper input validation vulnerabilities that could lead to arbitrary code execution
- CVE-2026-48282 (CVSS score: 10.0) – A path traversal vulnerability that could lead to arbitrary code execution
- CVE-2026-48313 (CVSS score: 9.3) – A path traversal vulnerability that could lead to arbitrary file system read
- CVE-2026-48315 (CVSs score: 9.3) – An improper input validation vulnerability that could lead to privilege escalation
The issues have been addressed in ColdFusion 2023 Update 21 and ColdFusion 2025 Update 10. Security researchers Anirudh Anand, Matan Sandori, and 2Bsecure have been credited with discovering and reporting CVE-2026-48283, CVE-2026-48313, and CVE-2026-48307.


Leave a Reply