Find notable cyber news and cases, enriched with sources, timelines, and signals.

Adobe ColdFusion path traversal flaw targeted within hours (CVE-2026-48282)

Vulnerability
First reported
Last updated
Happening score
H score 49
2 unique sources, 2 articles

Summary

Hide ▲

CVE-2026-48282 is a path traversal vulnerability in Adobe ColdFusion that can lead to arbitrary code execution. The latest reporting says exploitation was observed within hours of public disclosure, including an attempt from 103.207.14[.]220 geolocated to India, which compresses the defender response window for exposed ColdFusion deployments. Adobe released APSB26-68 on June 30, 2026 with fixes for 11 CVEs, including CVE-2026-48282. Adobe said it was not aware of confirmed in-the-wild exploitation at the time, while later reporting tied the flaw to observed targeting soon after disclosure. Exposure data cited 775 ColdFusion instances online, increasing risk for internet-facing systems.

Related Happenings

Magento Open Source and Adobe Commerce PolyShell unauthenticated RCE flaw

Vulnerability
H score30 First: 19.03.2026 22:01 Last: 19.03.2026 22:01 Sources 1

About this happening: **PolyShell** is a **Magento Open Source** and **Adobe Commerce** vulnerability that can enable **unauthenticated code execution** and **account takeover** across **stable version...

Timeline

  1. 07.07.2026 11:20 1 articles · 2d ago

    Adobe releases APSB26-68 fixes for 11 ColdFusion CVEs

    Mitigation Patch Update

    Adobe releases patches on June 30, 2026 for 11 CVEs in the APSB26-68 bulletin, including six maximum-severity flaws with CVSS 10 scores and the path traversal vulnerability tracked as CVE-2026-48282.

    Show sources
  2. 07.07.2026 11:20 3 articles · 2d ago

    CVE-2026-48282 is targeted within hours of public disclosure

    Exploitation Observed

    Security researchers report that CVE-2026-48282, a ColdFusion path traversal flaw that could lead to arbitrary code execution, was targeted within hours of public disclosure.

    Show sources
  3. 07.07.2026 11:20 1 articles · 2d ago

    Adobe urges ColdFusion customers to patch CVE-2026-48282

    Initial Disclosure

    Adobe urges ColdFusion customers to patch immediately after reports that a maximum-severity flaw was being exploited, says it is not aware of confirmed in-the-wild exploitation for CVE-2026-48282 or the other APSB26-68 flaws, and ShadowServer Foundation counts 775 exposed ColdFusion instances online.

    Show sources