Skip to main content

Active Exploitation of CVE-2026-48282 in Adobe ColdFusion

Successful exploitation could lead to arbitrary code execution in the context of the current user

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Successful exploitation could lead to arbitrary code execution in the context of the current user


Threat details

Exploitation of CVE-2026-48282

Security researchers have reported observing exploitation of vulnerability CVE-2026-48282 in the wild. 

The NHS England National CSOC assesses further exploitation as highly likely.


Introduction

Adobe has released security updates for a critical vulnerability in Adobe ColdFusion. 

  • CVE-2026-48282  - 'Path Traversal' vulnerability -  CVSSv3 score - 10.

Remediation advice

Affected organisations are encouraged to review Adobe Security Bulletin APSB26-68 and apply the relevant update as soon as possible.



Last edited: 3 July 2026 10:21 am