7.5

ColdFusion versions 2023.18, 2025.6 and earlier: Attackers could bypass security features

CVE-2026-27282
Summary

ColdFusion versions 2023.18, 2025.6 and earlier are vulnerable to an improper input validation issue. An attacker who tricks a user into taking an action could bypass security measures and gain unauthorized access. To protect your system, update to a fixed version of ColdFusion or patch the affected versions.

Original title
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabil...
Original description
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.
NVD CVSS 3.1: 7.5
Vulnerability type
CWE-20 Improper Input Validation
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026