CVE-2026-47932
HighCVSS 8.8Exploitation Probability (EPSS)
High risk84th percentile - higher than 84% of all known CVEs
Summary
ColdFusion versions 2023.19, 2025.8 and earlier are affected by a 'Path Traversal' vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions.
Risk Assessment
Exploitation of this issue may lead to the disclosure of sensitive data or unauthorized access to the system. It requires user interaction, increasing the risk if a malicious file is opened.
Recommendation
It is recommended to update ColdFusion to the latest version to mitigate this vulnerability. Additionally, users should be educated about the risks of opening unknown files.
Original NVD description (English source)
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

