Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform.
All these vulnerabilities can be exploited in low-complexity attacks that don't require user interaction and were tagged with priority 1, indicating a high risk of being targeted.
"This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for example, within 72 hours)," Adobe says.
" Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates," the company added in advisories released on Tuesday.
Six of these critical security flaws (tracked as CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, and CVE-2026-48282) affect ColdFusion versions 2025.9, 2023.20 and earlier, and can be exploited by attackers without privileges to gain remote code execution on unpatched systems.











