CVE Catalog

CVE-2026-47931

HighCVSS 8.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.63%

46th percentile - higher than 46% of all known CVEs

Summary

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability without user interaction, and the scope is changed.

Risk Assessment

The risk for the organization includes potential system compromise by a privileged attacker, leading to data theft, malware installation, or further attack escalation within the network.

Recommendation

It is recommended to immediately update ColdFusion to version 2023.20 or 2025.9 (or later) and restrict user account privileges to the minimum necessary.

Original NVD description (English source)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue does not require user interaction. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS