
ColdFusion EUVD-2026-22738

CVE-2026-27308 · LOW
Uncontrolled Resource Consumption (CWE-400)
2026-04-14 · psirt@adobe.com
CVSS 3.1 (NVD): 2.4

Severity by source

NVD (primary): 2.4 LOW, AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Lifecycle Timeline

Analysis Generated: Apr 14, 2026 - 22:43 (vuln.today)
EUVD ID Assigned: Apr 14, 2026 - 22:22 (euvd), EUVD-2026-22738
Analysis Generated: Apr 14, 2026 - 22:22 (vuln.today)
CVE Published: Apr 14, 2026 - 22:16 (nvd), LOW 2.4

Description (CVE.org)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction.

Analysis (AI)

ColdFusion versions 2023.18, 2025.6, and earlier are vulnerable to uncontrolled resource consumption that allows high-privileged attackers to trigger application denial-of-service by exhausting system resources without user interaction. This is a low-severity issue (CVSS 2.4) affecting only authenticated administrators, with no public exploit code or active exploitation reported.


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain admin credentials
Delivery: Access ColdFusion interface locally
Exploit: Submit resource-exhausting request
Execution: Exhaust system resources
Impact: Application degradation

Vulnerability Assessment (AI)

Risk Assessment: With a low CVSS score of 2.4, this vulnerability presents minimal real-world risk due to multiple limiting factors. …

Exploit Scenario: An authenticated ColdFusion administrator or an attacker with compromised administrative credentials could submit malformed or resource-intensive requests to the ColdFusion application server, triggering excessive CPU, memory, or I/O consumption that slows or halts legitimate application functionality. No automated exploit code is publicly available, and exploitation requires direct access to the ColdFusion administration network segment or valid admin credentials, making opportunistic attacks unlikely.

Remediation: Upgrade ColdFusion 2023 to update 19 or later, or upgrade ColdFusion 2025 to update 7 or later to resolve this vulnerability. …
