Overview
- Adobe released security updates for ColdFusion on June 30 to fix a path‑traversal bug (CVE‑2026‑48282) that can let unauthenticated attackers write files and achieve remote code execution.
- Researchers including KEVIntel’s Ryan Dewhurst observed exploitation attempts within hours of the June 30 disclosure, with activity traced to IP 103.207.14[.]220 and telemetry from multiple firms documenting probes and web‑shell drops.
- On Wednesday CISA added CVE‑2026‑48282 to its Known Exploited Vulnerabilities catalog and ordered federal civilian agencies to apply fixes on an accelerated timetable to reduce large‑scale automated attacks.
- Defenders are advised to install Adobe’s ColdFusion updates, hunt for unauthorized files and web shells under CFIDE and web roots, and disable or secure Remote Development Services (RDS) when it is enabled without authentication.
- The incident is part of a wider pattern this month in which disclosed flaws in Joomla page builders and the Langflow AI platform were weaponized quickly, showing shorter windows for organizations to test and deploy patches.