CVE-2026-27307

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction.

CVSS v3 2.4 LOW

2.4^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:coldfusion:2023:-::::::
	cpe:2.3:a:adobe:coldfusion:2023:update1::::::
	cpe:2.3:a:adobe:coldfusion:2023:update10::::::
	cpe:2.3:a:adobe:coldfusion:2023:update11::::::
	cpe:2.3:a:adobe:coldfusion:2023:update12::::::
	cpe:2.3:a:adobe:coldfusion:2023:update13::::::
	cpe:2.3:a:adobe:coldfusion:2023:update14::::::
	cpe:2.3:a:adobe:coldfusion:2023:update15::::::
	cpe:2.3:a:adobe:coldfusion:2023:update16::::::
	cpe:2.3:a:adobe:coldfusion:2023:update17::::::
	cpe:2.3:a:adobe:coldfusion:2023:update18::::::
	cpe:2.3:a:adobe:coldfusion:2023:update2::::::
	cpe:2.3:a:adobe:coldfusion:2023:update3::::::
	cpe:2.3:a:adobe:coldfusion:2023:update4::::::
	cpe:2.3:a:adobe:coldfusion:2023:update5::::::
	cpe:2.3:a:adobe:coldfusion:2023:update6::::::
	cpe:2.3:a:adobe:coldfusion:2023:update7::::::
	cpe:2.3:a:adobe:coldfusion:2023:update8::::::
	cpe:2.3:a:adobe:coldfusion:2023:update9::::::
	cpe:2.3:a:adobe:coldfusion:2025:-::::::
	cpe:2.3:a:adobe:coldfusion:2025:update1::::::
	cpe:2.3:a:adobe:coldfusion:2025:update2::::::
	cpe:2.3:a:adobe:coldfusion:2025:update3::::::
	cpe:2.3:a:adobe:coldfusion:2025:update4::::::
	cpe:2.3:a:adobe:coldfusion:2025:update5::::::
	cpe:2.3:a:adobe:coldfusion:2025:update6::::::

History

16 Apr 2026, 14:41

Type	Values Removed	Values Added
CPE		cpe:2.3:a:adobe:coldfusion:2025:update4:::::: cpe:2.3:a:adobe:coldfusion:2023:update6:::::: cpe:2.3:a:adobe:coldfusion:2025:update1:::::: cpe:2.3:a:adobe:coldfusion:2023:update15:::::: cpe:2.3:a:adobe:coldfusion:2025:update2:::::: cpe:2.3:a:adobe:coldfusion:2023:update8:::::: cpe:2.3:a:adobe:coldfusion:2025:update6:::::: cpe:2.3:a:adobe:coldfusion:2023:update18:::::: cpe:2.3:a:adobe:coldfusion:2025:-:::::: cpe:2.3:a:adobe:coldfusion:2025:update3:::::: cpe:2.3:a:adobe:coldfusion:2023:update1:::::: cpe:2.3:a:adobe:coldfusion:2023:update13:::::: cpe:2.3:a:adobe:coldfusion:2023:-:::::: cpe:2.3:a:adobe:coldfusion:2023:update17:::::: cpe:2.3:a:adobe:coldfusion:2023:update7:::::: cpe:2.3:a:adobe:coldfusion:2023:update4:::::: cpe:2.3:a:adobe:coldfusion:2023:update5:::::: cpe:2.3:a:adobe:coldfusion:2023:update12:::::: cpe:2.3:a:adobe:coldfusion:2023:update3:::::: cpe:2.3:a:adobe:coldfusion:2025:update5:::::: cpe:2.3:a:adobe:coldfusion:2023:update9:::::: cpe:2.3:a:adobe:coldfusion:2023:update10:::::: cpe:2.3:a:adobe:coldfusion:2023:update14:::::: cpe:2.3:a:adobe:coldfusion:2023:update2:::::: cpe:2.3:a:adobe:coldfusion:2023:update11:::::: cpe:2.3:a:adobe:coldfusion:2023:update16::::::
References	~~() https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html -~~	() https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html - Vendor Advisory
First Time		Adobe Adobe coldfusion

14 Apr 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-14 22:16

Updated : 2026-04-16 14:41

NVD link : CVE-2026-27307

Mitre link : CVE-2026-27307

CVE.ORG link : CVE-2026-27307

JSON object : View

Products Affected

adobe

coldfusion

CWE

CWE-400

Uncontrolled Resource Consumption

2.4 /10