Security · 1h ago
Adobe ColdFusion zero-day exploited in attacks after patch
Attackers are exploiting a maximum-severity Adobe ColdFusion vulnerability, CVE-2026-48282, the Canadian Center for Cyber Security warned. The flaw allows remote code execution and is being actively targeted. Adobe released a patch on December 10, but exploitation has now been confirmed.
Meridian48 take
The warning underscores how quickly attackers move once a patch is out, making it critical for organizations to prioritize updates for ColdFusion servers.
Read the full reporting
Max severity Adobe ColdFusion flaw now exploited in attacks →
Bleeping Computer
adobe-coldfusionzero-day-exploit