CVE 9.3 CRITICAL

ColdFusion | Improper Input Validation (CWE-20)_CVE-2026-27304

April 14, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Description

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

AI Analysis

Improper Input Validation vulnerability that could result in arbitrary code execution

Basic Information

ID CVE-2026-27304

Source adobe

Published Apr 14, 2026 at 21:53

Affected Product

Vendor Adobe

Product ColdFusion

Affected Versions Adobe ColdFusion 0

CWE Classification

CWE-20

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Adobe

Product ColdFusion

Version 2023.18, 2025.6

References

helpx.adobe.com /security/products/coldfusion/apsb26-38.html

{
    "lastseen": "",
    "description": "ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.",
    "published": "2026-04-14T21:53:55.828Z",
    "modified": "2026-04-14T21:53:55.828Z",
    "type": "cve",
    "title": "ColdFusion | Improper Input Validation (CWE-20)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html",
    "id": "CVE-2026-27304",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Adobe ColdFusion 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ColdFusion",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "Improper Input Validation vulnerability that could result in arbitrary code execution",
    "ai_severity": "Critical",
    "ai_vendor": "Adobe",
    "ai_product": "ColdFusion",
    "ai_version": "2023.18, 2025.6",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply