Description
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Adobe ColdFusion results from improper input validation, allowing a low‑privileged attacker to bypass built‑in security mechanisms. Because the flaw does not require user interaction, a malicious actor can supply crafted data that the application accepts, enabling unauthorized read and write operations.

Affected Systems

Adobe ColdFusion versions 2023.19, 2025.8 and all earlier releases are affected. Any ColdFusion instance running these or earlier versions is at risk, particularly if it exposes services without sufficient access controls.

Risk and Exploitability

The CVSS score of 8.1 places this issue in the High severity band. The vector (AV:N/AC:L/PR:L/UI:N) describes a flaw that a low-privileged attacker can trigger over the network, with low attack complexity and no user interaction, and that permits bypass of security controls. Although no EPSS score is available and the issue is not in CISA's KEV catalog, the high confidentiality and integrity impact (C:H/I:H) combined with the bypass capability makes this a significant threat.

Generated by OpenCVE AI on June 9, 2026 at 22:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest ColdFusion security patch as released by Adobe, following the guidance in the official advisory.
  • If a patch is not yet available, restrict exposure by limiting network access and enforcing least privilege on service accounts.
  • Implement application‑layer monitoring to detect anomalous input patterns that could indicate exploitation of this validation flaw.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:15:00 +0000

Values Removed: (none)
Values Added:
  • Description: ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.
  • Title: ColdFusion | Improper Input Validation (CWE-20)
  • Weaknesses: CWE-20
  • References
  • Metrics: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:33:34.756Z

Reserved: 2026-05-20T15:50:31.361Z

Link: CVE-2026-47930

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-09T21:17:22.933

Modified: 2026-06-09T21:17:22.933

Link: CVE-2026-47930

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T23:00:15Z

Weaknesses