CVE-2026-48338 PUBLISHED

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Assigner: adobe
Reserved: 21.05.2026 Published: 14.07.2026 Updated: 14.07.2026

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.

Metrics

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS Score: 6.8

Product Status

Vendor Adobe
Product ColdFusion 2025
Versions Default: affected
  • affected from 0 to 10 (incl.)
  • Version 11 is unaffected
Vendor Adobe
Product ColdFusion 2023
Versions Default: affected
  • affected from 0 to 21 (incl.)
  • Version 22 is unaffected

References

Problem Types

  • Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) CWE