
Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Critical
Vulnerability
Published: 07/01/2026 (07/01/2026, 11:27:07 UTC)
Source: SecurityWeek

Description

Adobe has released security updates addressing multiple critical vulnerabilities in ColdFusion and Campaign Classic. Seven vulnerabilities have a maximum severity rating of 10/10 and could allow arbitrary code execution. The Campaign Classic update, version 7.4.3 build 9397, fixes an incorrect authorization issue. The ColdFusion updates for versions 2025 and 2023 fix 11 security defects, including critical issues related to file upload, input validation, and path traversal. Additional vulnerabilities include privilege escalation, arbitrary file system read, cross-site scripting, and server-side request forgery. Adobe advises users to update their applications promptly. No exploitation in the wild has been reported.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 07/01/2026, 11:36:35 UTC

Technical Analysis

Adobe patched multiple critical vulnerabilities in ColdFusion (versions 2025 and 2023) and Campaign Classic (fixed in version 7.4.3 build 9397). The Campaign Classic vulnerability, CVE-2026-48286, is an incorrect authorization flaw with a CVSS score of 10.0 that could lead to arbitrary code execution. The ColdFusion updates address 11 vulnerabilities, including six with a CVSS score of 10.0 (CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282, CVE-2026-48283) related to unrestricted file uploads, improper input validation, and path traversal. Other critical issues include path traversal and privilege escalation (CVE-2026-48313, CVE-2026-48315), cross-site scripting (CVE-2026-48307), and SSRF (CVE-2026-48285), along with a medium-severity path traversal (CVE-2026-48314). Adobe has assigned a priority rating of 1 to these updates, indicating high exploitation potential, though no active exploits are known. Users should apply ColdFusion 2025 Update 10, ColdFusion 2023 Update 21, and Campaign Classic 7.4.3 build 9397 to remediate these issues.

Potential Impact

The vulnerabilities could allow attackers to execute arbitrary code, read arbitrary files, escalate privileges, bypass security features, and perform cross-site scripting attacks. This could lead to full compromise of affected systems running ColdFusion or Campaign Classic if exploited. The severity ratings of 10/10 for multiple vulnerabilities indicate critical risk. No public exploits are currently known, but Adobe considers the risk high enough to prioritize patching.

Mitigation Recommendations

Adobe has released official patches for all identified vulnerabilities. Users should update to Adobe Campaign Classic version 7.4.3 build 9397, ColdFusion 2025 Update 10, and ColdFusion 2023 Update 21 as soon as possible. There are no indications that additional mitigations are required beyond applying these updates. Adobe provides the fixes, but because these are on-premises products, users must apply the patches themselves.


Technical Details

Article Source
{"url":"https://www.securityweek.com/adobe-patches-critical-coldfusion-campaign-classic-vulnerabilities/","fetched":true,"fetchedAt":"2026-07-01T11:36:23.137Z","wordCount":968}

Threat ID: 6a44fbb727e9c7971967e478

Added to database: 07/01/2026, 11:36:23 UTC

Last enriched: 07/01/2026, 11:36:35 UTC

Last updated: 07/01/2026, 13:11:19 UTC
