CVE-2026-47931
HighCVSS 8.4Exploitation Probability (EPSS)
Low risk46th percentile - higher than 46% of all known CVEs
Summary
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability without user interaction, and the scope is changed.
Risk Assessment
The risk for the organization includes potential system compromise by a privileged attacker, leading to data theft, malware installation, or further attack escalation within the network.
Recommendation
It is recommended to immediately update ColdFusion to version 2023.20 or 2025.9 (or later) and restrict user account privileges to the minimum necessary.
Original NVD description (English source)
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue does not require user interaction. Scope is changed.

