Adobe ColdFusion versions 2023.18 and earlier: High-privilege attacker can slow down your app

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.4

Adobe ColdFusion versions 2023.18 and earlier: High-privilege attacker can slow down your app

CVE-2026-27308

Summary

A malicious person with high-level access can use this flaw to exhaust your system's resources, making your ColdFusion application run slowly or even shut down. This requires no action from regular users, but it's still a serious issue for administrators. You should update to the latest version of ColdFusion to prevent this problem.

Original title

Original description

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction.

nvd CVSS3.1 2.4

Vulnerability type

CWE-400 Uncontrolled Resource Consumption

https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html

Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 14 Apr 2026