National Cyber Warfare Foundation (NCWF)

Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic


2026-07-02 10:14:05
milo
Blue Team (CND)


Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution






Adobe has released security updates for ColdFusion and Campaign Classic, fixing multiple critical vulnerabilities, including seven maximum-severity issues (CVSS score of 10.0). If exploited, the flaws could allow attackers to execute arbitrary code, escalate privileges, read sensitive files, or bypass security protections.





Adobe strongly recommends that customers apply the updates as soon as possible to reduce the risk of compromise.





The vulnerabilities include:






  • CVE-2026-48276, CVE-2026-48283 (CVSS score of 10.0) – Allow attackers to upload malicious files and execute arbitrary code.




  • CVE-2026-48277, CVE-2026-48281, CVE-2026-48316 (CVSS score of 10.0) – Input validation flaws that could let attackers execute arbitrary code.




  • CVE-2026-48282 (CVSS score of 10.0) – A path traversal flaw that could result in arbitrary code execution.




  • CVE-2026-48313 (CVSS score of 9.3) – A path traversal flaw that could let attackers read sensitive files.




  • CVE-2026-48315 (CVSS score of 9.3) – An input validation flaw that could allow privilege escalation.





Adobe addressed these vulnerabilities in ColdFusion 2023 Update 21 and ColdFusion 2025 Update 10. Security researchers Anirudh Anand, Matan Sandori, and 2Bsecure reported several of the vulnerabilities.





The firm thanked researchers for reporting the issues and helping improve security: Anirudh Anand reported CVE-2026-48283 and CVE-2026-48313, while Matan Sandori and 2Bsecure reported CVE-2026-48307.





The company also fixed a critical flaw in Adobe Campaign Classic, tracked as CVE-2026-48286 (CVSS score of 10.0), that could let attackers execute arbitrary code due to an authorization weakness.





The issue affects on-premises deployments running version 7.4.3 build 9396 and earlier and is fixed in build 9397. Adobe-hosted instances are not affected.





The software giant said it has seen no evidence of active exploitation.





“Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates,” reads the advisory.










Pierluigi Paganini








Source: SecurityAffairs
Source Link: https://securityaffairs.com/194622/security/adobe-fixed-multiple-maximum-severity-flaws-in-coldfusion-and-campaign-classic.html

