COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-48282

CVE-2026-48282

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-07-07
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-48282
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Adobe ColdFusion allows arbitrary code execution via path traversal, enabling attackers to run commands as the current user.

This vulnerability enables remote code execution within the context of the current user, allowing attackers to execute arbitrary commands on the system. For DIB organizations, this poses a significant risk as it can lead to unauthorized access to sensitive data or system compromise if the application is misconfigured or exploited. Immediate patching and review of input validation in ColdFusion deployments are critical to prevent exploitation.

Shame score — The vulnerability allows arbitrary code execution, which is a severe security risk that could lead to unauthorized access or system compromise.

Players implicated

Adobe · vendorColdFusion · product

Description

Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.

Affected FedRAMP products 8 in the catalog

ProductProviderStatusMatch
Adobe Acrobat Sign for Government Adobe Authorized vendor-exact · 0.90
Adobe Analytics Adobe Authorized vendor-exact · 0.90
Adobe Campaign Adobe Authorized vendor-exact · 0.90
Adobe Connect Managed Services (ACMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Creative Cloud for Enterprise Adobe Authorized vendor-exact · 0.90
Adobe Document Cloud (PDF Services & Adobe Sign) Adobe Authorized vendor-exact · 0.90
Adobe Experience Manager Managed Services (AEMMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Learning Manager Adobe Authorized vendor-exact · 0.90