ColdFusion: Unauthorized Access to Files Through Path Traversal

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.7

ColdFusion: Unauthorized Access to Files Through Path Traversal

CVE-2026-34619

Summary

ColdFusion versions 2023.18 and earlier have a security flaw that allows an attacker to access files they shouldn't be able to. This could happen without the user knowing, and it's a serious issue that needs to be addressed by updating to a fixed version.

Original title

Original description

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue does not require user interaction.

nvd CVSS3.1 7.7

Vulnerability type

CWE-22 Path Traversal

https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026