Exposures › CVE-2026-48282
Adobe ColdFusion allows arbitrary code execution via path traversal, enabling attackers to run commands as the current user.
This vulnerability enables remote code execution within the context of the current user, allowing attackers to execute arbitrary commands on the system. For DIB organizations, this poses a significant risk as it can lead to unauthorized access to sensitive data or system compromise if the application is misconfigured or exploited. Immediate patching and review of input validation in ColdFusion deployments are critical to prevent exploitation.
Shame score — The vulnerability allows arbitrary code execution, which is a severe security risk that could lead to unauthorized access or system compromise.
Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.
| Product | Provider | Status | Match |
|---|---|---|---|
| Adobe Acrobat Sign for Government | Adobe | Authorized | vendor-exact · 0.90 |
| Adobe Analytics | Adobe | Authorized | vendor-exact · 0.90 |
| Adobe Campaign | Adobe | Authorized | vendor-exact · 0.90 |
| Adobe Connect Managed Services (ACMS-GC) | Adobe | Authorized | vendor-exact · 0.90 |
| Adobe Creative Cloud for Enterprise | Adobe | Authorized | vendor-exact · 0.90 |
| Adobe Document Cloud (PDF Services & Adobe Sign) | Adobe | Authorized | vendor-exact · 0.90 |
| Adobe Experience Manager Managed Services (AEMMS-GC) | Adobe | Authorized | vendor-exact · 0.90 |
| Adobe Learning Manager | Adobe | Authorized | vendor-exact · 0.90 |