Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum-severity vulnerabilities.
The update for Adobe Campaign Classic resolves CVE-2026-48286 (CVSS score of 10/10), an incorrect authorization issue that could allow attackers to execute arbitrary code.
Patches for the flaw were included in Adobe Campaign Classic version 7.4.3 build 9397, which is now rolling out to Windows and Linux users.
Updates released for ColdFusion versions 2025 and 2023 address 11 security defects, including six that have a maximum severity rating of 10/10.
Tracked as CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282, and CVE-2026-48283, the vulnerabilities could lead to arbitrary code execution, Adobe’s advisory reveals.
According to Adobe, these flaws are rooted in the unrestricted upload of files with dangerous types, improper input validation, and path traversal weaknesses.
Two other critical-severity bugs resolved in ColdFusion, CVE-2026-48313 and CVE-2026-48315 (CVSS score of 9.3), are described as path traversal and improper input validation issues that could lead to arbitrary file system read and privilege escalation.
The update also resolves CVE-2026-48307 (CVSS score of 8.8), an XSS defect leading to arbitrary code execution, CVE-2026-48285 (CVSS score of 8.6), an SSRF flaw leading to security feature bypass, and CVE-2026-48314, a medium-severity path traversal leading to privilege escalation.
Fixes for all vulnerabilities were included in ColdFusion 2025 Update 10 and ColdFusion 2023 Update 21.
Adobe says it is not aware of any public exploits targeting these security defects, but has assigned a priority rating of 1 to both security updates, which indicates that the flaws could end up being exploited in attacks. Users are advised to update their applications as soon as possible.