Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum severity vulnerabilities.
The update for Adobe Campaign Classic resolves CVE-2026-48286 (CVSS score of 10/10), an incorrect authorization issue that could allow attackers to execute arbitrary code.
Patches for the flaw were included in Adobe Campaign Classic version 7.4.3 build 9397, which is now rolling out to Windows and Linux users.
Updates released for ColdFusion versions 2025 and 2023 address 11 security defects, including six that have a maximum severity rating of 10/10.
Tracked as CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282, and CVE-2026-48283, the vulnerabilities could lead to arbitrary code execution, Adobe’s advisory reveals.








