ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue does not require user interaction. Scope is changed.
Metrics
Affected Vendors & Products
References
History
Tue, 23 Jun 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue does not require user interaction. Scope is changed. |
Mon, 15 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:* |
Wed, 10 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 10 Jun 2026 02:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Adobe
Adobe coldfusion |
|
| Vendors & Products |
Adobe
Adobe coldfusion |
Tue, 09 Jun 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | |
| Title | ColdFusion | Improper Input Validation (CWE-20) | |
| Weaknesses | CWE-20 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: adobe
Published: 2026-06-09T20:33:35.611Z
Updated: 2026-06-23T21:53:07.112Z
Reserved: 2026-05-20T15:50:31.361Z
Link: CVE-2026-47931
Updated: 2026-06-10T14:03:22.404Z
Status : Analyzed
Published: 2026-06-09T21:17:23.050
Modified: 2026-06-15T15:17:36.363
Link: CVE-2026-47931
No data.