
Adobe ColdFusion EUVD-2026-35832 | CVE-2026-47932 (CRITICAL)
Path Traversal (CWE-22)
Published 2026-06-09 · Source: psirt@adobe.com · GHSA-9pw3-ggm9-46qq
CVSS 3.1 base score 9.6 (NVD)

Severity by source

NVD (primary): 9.6 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

vuln.today AI: 9.6 CRITICAL
Rationale: a network-deliverable malicious file that needs no attacker authentication (AV:N/PR:N) and low attack complexity (AC:L), but the victim must open the file (UI:R); the traversal crosses a security boundary (S:C) with high confidentiality, integrity and availability impact.
CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (6 events, newest first)

Jun 15, 2026 15:28 (vuln.today): Analysis updated, v3 (cvss_changed)
Jun 15, 2026 15:28 (vuln.today): Analysis updated, v2 (cvss_changed)
Jun 15, 2026 15:22 (vuln.today): Re-analysis queued (cvss_changed)
Jun 15, 2026 15:22 (NVD): Severity changed from HIGH to CRITICAL
Jun 15, 2026 15:22 (NVD): CVSS changed from 8.8 (HIGH) to 9.6 (CRITICAL)
Jun 09, 2026 21:32 (vuln.today): Analysis generated

Description (NVD)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Analysis (AI)

A security feature bypass in Adobe ColdFusion 2023 (through Update 19) and ColdFusion 2025 (through Update 8) allows remote attackers to read files outside the intended directories via a path traversal flaw, with a scope change that extends the impact beyond the vulnerable component. Exploitation requires the victim to open a malicious file. No public exploit was identified at the time of analysis, and EPSS is low (0.02%), but the CVSS score is 9.6 because of the scope change combined with high confidentiality, integrity and availability impact.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata; no public exploit is known.

Recon: Identify a ColdFusion target and its operator (an administrator or developer who handles files for it).
Delivery: Craft a malicious file carrying a traversal payload and deliver it via phishing or a shared workflow.
Exploit: The victim opens the file on, or in a workflow feeding, the ColdFusion host; the path traversal escapes the restricted directory.
Impact: Read or modify out-of-scope files, bypassing the security feature across the scope boundary.

The generic Install and C2 stages have no counterpart here: the CVE metadata describes unauthorized file access, not persistence or command-and-control.

Vulnerability Assessment (AI)

Exploitation: Exploitation requires a victim with access to a ColdFusion 2023 (≤Update 19) or ColdFusion 2025 (≤Update 8) environment to open a maliciously crafted file (UI:R), which the vulnerable code path then processes without properly constraining the embedded pathname to its intended restricted directory. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Signals are conflicting: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, 9.6) reflects an unauthenticated network-reachable bug with a scope change and total CIA impact, while EPSS sits at 0.02% (7th percentile) and CISA SSVC reports Exploitation: none and Automatable: no with Technical Impact: total. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker crafts a malicious file (for example a CFML asset, archive, or document containing traversal sequences in embedded path fields) and delivers it via phishing or a shared workflow to a ColdFusion administrator or developer; when the victim opens or imports the file on a system interacting with ColdFusion, the server processes the embedded paths and reads or writes files outside the restricted directory, bypassing the intended security boundary and, due to the scope change, affecting resources beyond the vulnerable component. No public exploit was identified at the time of analysis, so this scenario is reconstructed from the CVSS vector and the CWE-22 description.
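The scenario above hinges on one mistake: an embedded path field is joined onto a restricted directory without checking that the result stays inside it. The following is an added example and is not ColdFusion code, Adobe code, or anything derived from the actual bug; it is a generic Python illustration of the CWE-22 pattern next to a hardened containment check, run over a constructed manifest of embedded paths of the kinds an attacker would try (dot-dot segments, an absolute path, percent-encoded dot-dot). The base directory, manifest entries and function names are all assumptions made for the example.

```python
import os
import tempfile
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when an embedded path would resolve outside the restricted directory."""


def vulnerable_join(base_dir: str, embedded_path: str) -> str:
    """The CWE-22 pattern: trust the embedded path and join it onto the base.

    Two failure modes, both shown by the constructed manifest below:
      * "../" components walk out of base_dir once the path is normalised, and
      * an absolute embedded path makes os.path.join discard base_dir entirely.
    """
    return os.path.normpath(os.path.join(base_dir, embedded_path))


def safe_join(base_dir: str, embedded_path: str) -> str:
    """Hardened form: canonicalise both sides, then require containment.

    Decode percent-encoding once (so %2e%2e cannot hide a dot-dot from the
    check), reject NUL bytes and absolute paths outright, resolve the joined
    path (realpath follows symlinks and collapses ".." the way the OS will),
    and finally require the restricted directory to be a path-component
    prefix of the result. A plain startswith() on the string would wrongly
    accept a sibling such as "<base>2/...".
    """
    base = os.path.realpath(base_dir)
    decoded = unquote(embedded_path)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in embedded path")
    if os.path.isabs(decoded):
        raise PathTraversalError(f"absolute path not allowed: {embedded_path!r}")
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"escapes restricted directory: {embedded_path!r}")
    return candidate


def vet_embedded_paths(base_dir: str, embedded_paths) -> dict:
    """Classify each embedded path as 'ok' or 'rejected' under safe_join."""
    verdicts = {}
    for p in embedded_paths:
        try:
            safe_join(base_dir, p)
            verdicts[p] = "ok"
        except PathTraversalError:
            verdicts[p] = "rejected"
    return verdicts


def demo_base_dir() -> str:
    """A throwaway restricted directory so the example runs on any machine."""
    return tempfile.mkdtemp(prefix="cf-restricted-")


# Constructed sample manifest (not taken from any real file or exploit): the
# kind of embedded path fields a malicious archive or document might carry.
SAMPLE_MANIFEST = [
    "assets/logo.png",              # legitimate relative path
    "assets/..hidden/notes.txt",    # looks like dot-dot but is an ordinary name
    "../../etc/passwd",             # classic traversal
    "assets/../../etc/shadow",      # traversal after a legitimate prefix
    "/etc/passwd",                  # absolute path: os.path.join drops the base
    "%2e%2e/%2e%2e/etc/passwd",     # percent-encoded traversal
]

if __name__ == "__main__":
    base = demo_base_dir()
    for p in SAMPLE_MANIFEST:
        print(f"{p:28} naive    -> {vulnerable_join(base, p)}")
    for p, verdict in vet_embedded_paths(base, SAMPLE_MANIFEST).items():
        print(f"{p:28} hardened -> {verdict}")
```

The naive join sends "../../etc/passwd" to a path two levels above the restricted directory and returns "/etc/passwd" unchanged for the absolute entry; the hardened check rejects every traversal form in the manifest while still accepting the two legitimate names, including the "..hidden" directory that a naive substring filter on ".." would have blocked.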
Remediation: Apply Adobe's fixes per security bulletin APSB26-64 (https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html), which supersedes ColdFusion 2023 Update 19 and ColdFusion 2025 Update 8; install the next available update on each track as published by Adobe. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

24 hours: Identify and inventory all ColdFusion 2023 Update 19 and earlier, and ColdFusion 2025 Update 8 and earlier instances; restrict network access where operationally feasible; enable enhanced audit logging for file access. …

