CVE 9.6 CRITICAL

ColdFusion | Improper Input Validation (CWE-20)_CVE-2026-47928

June 9, 2026 invoker category_cve

9.6 / 10

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

AI Analysis

Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

Basic Information

ID CVE-2026-47928

Source adobe

Published Jun 9, 2026 at 20:33

Affected Product

Vendor Adobe

Product ColdFusion

Affected Versions Adobe ColdFusion 0

CWE Classification

CWE-20

AI Assessment

AI Score 9.6 / 10

AI Severity Critical

Vendor Adobe

Product ColdFusion

Version 2023.19, 2025.8

References

helpx.adobe.com /security/products/coldfusion/apsb26-64.html

{
    "lastseen": "",
    "description": "ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.",
    "published": "2026-06-09T20:33:36.440Z",
    "modified": "2026-06-09T20:33:36.440Z",
    "type": "cve",
    "title": "ColdFusion | Improper Input Validation (CWE-20)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html",
    "id": "CVE-2026-47928",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Adobe ColdFusion 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ColdFusion",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.",
    "ai_severity": "Critical",
    "ai_vendor": "Adobe",
    "ai_product": "ColdFusion",
    "ai_version": "2023.19, 2025.8",
    "ai_score": 9.6
}

💭 Join the Security Discussion ❌ Cancel Reply