Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-48282— ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

CVSS 10.0 · Critical EPSS 1.02% · P59

Affected Version Matrix 1

VendorProductVersion RangeStatus
AdobeColdFusion≤ 2023.20affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48282

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Source: NVD (National Vulnerability Database)
Vulnerability Description
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe ColdFusion 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe coldfusion是美国Adobe公司的一款快速Web应用开发平台。 Adobe ColdFusion存在路径遍历漏洞,该漏洞源于路径遍历问题,可能导致在当前用户上下文中执行任意代码。以下版本受到影响:2025.9版本、2023.20版本及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AdobeColdFusion 0 ~ 2023.20 -

II. Public POCs for CVE-2026-48282

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-48282

登录查看更多情报信息。

Vendor Advisories for CVE-2026-48282 (1)

Same Patch Batch · Adobe · 2026-06-30 · 11 CVEs total

CVE-2026-4827710.0 CRITICALColdFusion | Improper Input Validation (CWE-20)
CVE-2026-4828110.0 CRITICALColdFusion | Improper Input Validation (CWE-20)
CVE-2026-4827610.0 CRITICALColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2026-4828310.0 CRITICALColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2026-4828610.0 CRITICALAdobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)
CVE-2026-483159.3 CRITICALColdFusion | Improper Input Validation (CWE-20)
CVE-2026-483139.3 CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'
CVE-2026-483078.8 HIGHColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2026-482858.6 HIGHColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
CVE-2026-483146.5 MEDIUMColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'

IV. Related Vulnerabilities

V. Comments for CVE-2026-48282

No comments yet


Leave a comment