Back to overview

CVE-2026-48332

HIGH
7.7
CVSS 3.1
Description
ColdFusion is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.

Metadata

CVE ID
CVE-2026-48332
State
PUBLISHED
Assigner
adobe
Reserved
2026-05-21 15:28 UTC
Published
2026-07-14 21:04 UTC
Last updated
2026-07-15 17:38 UTC
Primary CWE
CWE-918
Server-Side Request Forgery (SSRF) (CWE-918)
Vendor / Product
Adobe / ColdFusion 2025
Sources
cve.org  ·  NVD

Severity & Metrics

7.7 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (2)
VendorProductPlatformVersions
Adobe ColdFusion 2023 0 ≤ 21, 22
Adobe ColdFusion 2025 0 ≤ 10, 11
Weakness (CWE)
CWESourceDescription
CWE-918 cna Server-Side Request Forgery (SSRF) (CWE-918)
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.7 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Back to overview