Critical Vulnerabilities in Adobe ColdFusion

Published on 15 Mar 2023

Adobe has released security updates to address critical vulnerabilities (CVE-2023-26359 and CVE-2023-26360) in ColdFusion.

The critical vulnerabilities are:

  • CVE-2023-26359: An insecure deserialisation vulnerability could allow a remote attacker to execute arbitrary code.
  • CVE-2023-26360: An improper access control vulnerability could allow remote attackers to execute arbitrary code.

The following versions of Adobe ColdFusion are affected:

  • ColdFusion 2018 versions 15 and earlier
  • ColdFusion 2021 versions 5 and earlier

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html