CVE-2026-48285
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
An SSRF vulnerability in ColdFusion allows bypassing security measures and unauthorized read access. Exploitation requires no user interaction and the scope is changed.
Risk Assessment
The organization is at risk of confidential data leakage via remote unauthenticated attack, potentially leading to system integrity compromise.
Recommendation
Immediately update ColdFusion to version 2025.10 or 2023.21, which contain the fix for this vulnerability.
Original NVD description (English source)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.

