Particle.news

Attackers Exploit CVE-2026-48282 in Adobe ColdFusion

Telemetry shows probes and unauthenticated file‑write attempts hours after Adobe released emergency patches, prompting urgent remediation advice.

Overview

  • CVE-2026-48282 is a maximum‑severity path‑traversal flaw that can allow unauthenticated remote arbitrary code execution on ColdFusion 2025.9, 2023.20 and earlier.
  • Adobe published fixes in APSB26-68 on June 30 and recommended immediate installation of ColdFusion 2025 update 10 or ColdFusion 2023 update 21 to block exploitation.
  • KEVIntel’s honeypots recorded exploitation attempts within roughly two hours of public disclosure, with probes and unauthenticated read/write and upload activity observed on July 2 from an IP reported as 103.207.14[.]220.
  • Internet scanning groups report about 750–800 ColdFusion instances exposed online but cannot say how many remain unpatched or have RDS enabled, which is the risky feature attackers exploit when it is unauthenticated.
  • U.S. and international authorities have begun treating the flaw as actively exploited with CISA adding CVE-2026-48282 to its KEV list and defenders urged to patch, hunt for unauthorized files in web roots and /CFIDE/, and monitor for web‑accessible shells.