EUVD-2026-22734
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe ColdFusion 2023.18, 2025.6 and earlier allows authenticated attackers with high privileges to execute malicious code through improper input validation. Exploitation requires user interaction (victim opening a malicious file). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all ColdFusion 2023.18 and 2025.6 instances in your environment and document users with high-privilege accounts. Within 7 days: Implement file upload restrictions and disable unnecessary features on affected servers; restrict high-privilege user access to least-privilege principles; enable ColdFusion security sandboxing if available. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today