ColdFusion: High-Privileged Attackers Can Slow Down Your Website

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.4

ColdFusion: High-Privileged Attackers Can Slow Down Your Website

CVE-2026-27307

Summary

High-privileged attackers can exploit a weakness in older ColdFusion versions, causing your website to slow down or stop responding. This can happen even if an attacker doesn't interact with your website. To fix this, update to the latest version of ColdFusion.

Original title

Original description

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction.

nvd CVSS3.1 2.4

Vulnerability type

CWE-400 Uncontrolled Resource Consumption

https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html

Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 14 Apr 2026