ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.
References
| Link | Resource |
|---|---|
| https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Jun 2026, 20:40
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update20:*:*:*:*:*:* |
|
| First Time |
Adobe coldfusion
Adobe |
|
| References | () https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html - Vendor Advisory |
30 Jun 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-30 16:16
Updated : 2026-06-30 20:40
NVD link : CVE-2026-48285
Mitre link : CVE-2026-48285
CVE.ORG link : CVE-2026-48285
JSON object : View
Products Affected
adobe
- coldfusion
CWE
CWE-918
Server-Side Request Forgery (SSRF)
