Vulners
Lucene search
Adobe ColdFusion < 2023.x < 2023u20 / 2025.x < 2025u9 Multiple Vulnerabilities (APSB26-64)
| Reporter | Title | Published | Views | Family All 63 |
|---|---|---|---|---|
 | CVE-2026-47931 | 9 Jun 202620:33 | – | attackerkb |
 | CVE-2026-47928 | 9 Jun 202622:32 | – | circl |
| CVE-2026-47929 | 9 Jun 202622:02 | – | circl |
| CVE-2026-47930 | 9 Jun 202622:27 | – | circl |
| CVE-2026-47931 | 9 Jun 202622:22 | – | circl |
| CVE-2026-47932 | 9 Jun 202622:07 | – | circl |
 | Adobe ColdFusion 输入验证错误漏洞 | 9 Jun 202600:00 | – | cnnvd |
| Adobe ColdFusion 路径遍历漏洞 | 9 Jun 202600:00 | – | cnnvd |
| Adobe ColdFusion 输入验证错误漏洞 | 9 Jun 202600:00 | – | cnnvd |
| Adobe ColdFusion 跨站脚本漏洞 | 9 Jun 202600:00 | – | cnnvd |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(322412);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/25");
script_cve_id(
"CVE-2026-47928",
"CVE-2026-47929",
"CVE-2026-47930",
"CVE-2026-47931",
"CVE-2026-47932",
"CVE-2026-47933",
"CVE-2026-47960"
);
script_xref(name:"IAVA", value:"2026-A-0586");
script_name(english:"Adobe ColdFusion < 2023.x < 2023u20 / 2025.x < 2025u9 Multiple Vulnerabilities (APSB26-64)");
script_set_attribute(attribute:"synopsis", value:
"A web-based application running on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe ColdFusion installed on the remote Windows host is prior to 2023.x update 20 or 2025.x update 9. It
is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-64 advisory.
- Improper Input Validation potentially leading to Arbitrary code execution (CVE-2026-47928, CVE-2026-47930,
CVE-2026-47931)
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') potentially leading to
Security feature bypass (CVE-2026-47932)
- Incorrect Authorization potentially leading to Privilege escalation (CVE-2026-47929)
- Improper Restriction of XML External Entity Reference ('XXE') potentially leading to Arbitrary file system
read (CVE-2026-47960)
- Cross-site Scripting (Stored XSS) potentially leading to Arbitrary code execution (CVE-2026-47933)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html");
script_set_attribute(attribute:"solution", value:
"Update to Adobe ColdFusion version 2023 update 20 / 2025 update 9 or later.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-47932");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-47928");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 22, 611, 79, 863);
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/09");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:coldfusion");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("coldfusion_win_local_detect.nasl");
script_require_keys("SMB/coldfusion/instance");
script_require_ports(139, 445);
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'checks': [
{
'product': {'name': 'Adobe ColdFusion', 'type': 'app'},
'check_algorithm': 'default',
'constraints' : [
{
'equal': '2023.0.0', 'fixed_display': 'Missing cumulative hotfix : chf2023000020.jar',
'requires' : [{'scope': 'install', 'less': { 'chf_version': '20' }}]
},
{
'equal': '2025.0.0', 'fixed_display': 'Missing cumulative hotfix : chf2025000009.jar',
'requires' : [{'scope': 'install', 'less': { 'chf_version': '9' }}]
}
]
}
]
};
var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Jun 2026 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.19.6 - 10
EPSS0.08871
SSVC