CVE Catalog

CVE-2026-47928

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
2.48%

82th percentile — higher than 82% of all known CVEs

Summary

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Risk Assessment

The organization may be exposed to unauthorized code execution, potentially leading to serious security breaches and data loss.

Recommendation

It is recommended to update to the latest version of ColdFusion to mitigate this vulnerability and implement additional security measures.

Original NVD description (English source)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS