Adobe ColdFusion path traversal flaw targeted within hours (CVE-2026-48282)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-48282 is a path traversal vulnerability in Adobe ColdFusion that can lead to arbitrary code execution. The latest reporting says exploitation was observed within hours of public disclosure, including an attempt from 103.207.14[.]220 geolocated to India, which compresses the defender response window for exposed ColdFusion deployments. Adobe released APSB26-68 on June 30, 2026 with fixes for 11 CVEs, including CVE-2026-48282. Adobe said it was not aware of confirmed in-the-wild exploitation at the time, while later reporting tied the flaw to observed targeting soon after disclosure. Exposure data cited 775 ColdFusion instances online, increasing risk for internet-facing systems.
Related Happenings
Magento Open Source and Adobe Commerce PolyShell unauthenticated RCE flaw
Vulnerability
H score30
First: 19.03.2026 22:01
Last: 19.03.2026 22:01
Sources 1
About this happening:
**PolyShell** is a **Magento Open Source** and **Adobe Commerce** vulnerability that can enable **unauthenticated code execution** and **account takeover** across **stable version...
Magento Open Source and Adobe Commerce PolyShell unauthenticated RCE flaw
VulnerabilityAbout this happening: **PolyShell** is a **Magento Open Source** and **Adobe Commerce** vulnerability that can enable **unauthenticated code execution** and **account takeover** across **stable version...
Timeline
-
07.07.2026 11:20 1 articles · 2d ago
Adobe releases APSB26-68 fixes for 11 ColdFusion CVEs
Mitigation Patch UpdateAdobe releases patches on June 30, 2026 for 11 CVEs in the APSB26-68 bulletin, including six maximum-severity flaws with CVSS 10 scores and the path traversal vulnerability tracked as CVE-2026-48282.
Show sources
- Hackers Exploit Maximum Severity Adobe ColdFusion Flaw — www.infosecurity-magazine.com — 07.07.2026 11:20
-
07.07.2026 11:20 3 articles · 2d ago
CVE-2026-48282 is targeted within hours of public disclosure
Exploitation ObservedSecurity researchers report that CVE-2026-48282, a ColdFusion path traversal flaw that could lead to arbitrary code execution, was targeted within hours of public disclosure.
Show sources
- Hackers Exploit Maximum Severity Adobe ColdFusion Flaw — www.infosecurity-magazine.com — 07.07.2026 11:20
- Hackers Exploit Maximum Severity Adobe ColdFusion Flaw — www.infosecurity-magazine.com — 07.07.2026 11:20
- CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV — thehackernews.com — 08.07.2026 08:33
-
07.07.2026 11:20 1 articles · 2d ago
Adobe urges ColdFusion customers to patch CVE-2026-48282
Initial DisclosureAdobe urges ColdFusion customers to patch immediately after reports that a maximum-severity flaw was being exploited, says it is not aware of confirmed in-the-wild exploitation for CVE-2026-48282 or the other APSB26-68 flaws, and ShadowServer Foundation counts 775 exposed ColdFusion instances online.
Show sources
- Hackers Exploit Maximum Severity Adobe ColdFusion Flaw — www.infosecurity-magazine.com — 07.07.2026 11:20