EUVD-2026-22732CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction.
AnalysisAI
Path traversal in Adobe ColdFusion 2023.18, 2025.6 and earlier enables unauthenticated remote attackers to read arbitrary files from the server file system without user interaction. The vulnerability carries a CVSS score of 8.6 (High) due to network accessibility, low complexity, and scope change, allowing access to sensitive files and directories beyond intended boundaries. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify and inventory all ColdFusion 2023.18 and 2025.6 instances; restrict network access to ColdFusion administration and application ports using firewall rules or WAF policies; implement request filtering to block path traversal patterns (../, ..\ sequences). Within 7 days: Contact Adobe for patch availability and timeline; evaluate offline or air-gapped deployment options as interim measures; implement enhanced logging and monitoring for file access anomalies. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today