Threat actors are exploiting a recently patched vulnerability in Adobe ColdFusion that carries a maximum severity rating.
Tracked as CVE-2026-48282 (CVSS score of 10/10), the security defect is described as a path traversal that could lead to arbitrary code execution.
It was patched on June 30 alongside five other max severity flaws in Adobe’s rapid application development platform that could be exploited for code execution.
Adobe released ColdFusion 2025 update 10 and ColdFusion 2023 update 21 to resolve these flaws, noting that it was not aware of any exploits in the wild targeting them.
However, the tech giant did assign a priority rating of 1 to the security update, urging users to apply the patches as soon as possible, given the high risk that attackers could start targeting the flaws.







