Security · 2h ago
CISA Adds Critical Adobe ColdFusion RCE Bug to KEV Catalog
CISA added CVE-2026-48282, a CVSS 10.0 path traversal vulnerability in Adobe ColdFusion, to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw allows unauthenticated remote code execution, targeting healthcare, finance, and government systems. Three other vulnerabilities in Joomla and Langflow were also added, highlighting supply chain risks.
Meridian48 take
The inclusion of Langflow, an AI orchestration tool, signals that attackers are now targeting AI infrastructure, a trend that demands urgent attention from security teams.
Read the full reporting
CISA KEV Additions: Adobe ColdFusion RCE & Supply Chain Exploitation →
DEV Community
cisa-kevadobe-coldfusion