CVE Catalog

CVE-2026-47932

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
2.73%

84th percentile - higher than 84% of all known CVEs

Summary

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a 'Path Traversal' vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions.

Risk Assessment

Exploitation of this issue may lead to the disclosure of sensitive data or unauthorized access to the system. It requires user interaction, increasing the risk if a malicious file is opened.

Recommendation

It is recommended to update ColdFusion to the latest version to mitigate this vulnerability. Additionally, users should be educated about the risks of opening unknown files.

Original NVD description (English source)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS