CVE-2026-27304

CRITICAL

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

CVSS v3.1 Score

9.3

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Published: 4/14/2026Modified: 4/16/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (1)

https://helpx.adobe.com/security/products/coldfusion/apsb26-38.htmlVendor Advisory