Adobe ColdFusion: Multiple Critical Security Vulnerabilities (CVE-2026-48316, CVE-2026-48282)


This text was generated using artificial intelligence (AI).Update July 8, 2026: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-48282 to its Known Exploited Vulnerabilities Catalog and is warning of active exploitation on the web. See below for details.

On June 30, 2026, Adobe published, as part of its security bulletin, APSB26-68 Details on several critical vulnerabilities in Adobe ColdFusion. The one known as CVE-2026-48316 and CVE-2026-48282 Each classified vulnerability was assigned the maximum severity level of CVSS 10.0 These vulnerabilities allow attackers to execute arbitrary code (Remote Code Execution, RCE) on affected servers without requiring authentication or user interaction.

Bulletin APSB26-68 covers a total of 11 CVEs, 6 of which have a maximum CVSS score of 10.0. For complete patch prioritization, we recommend reading the Adobe Security Bulletins APSB26-68.