{"id":286483,"date":"2026-07-06T16:15:00","date_gmt":"2026-07-06T20:15:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/06\/adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild\/"},"modified":"2026-07-06T17:40:10","modified_gmt":"2026-07-06T21:40:10","slug":"adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/06\/adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild\/","title":{"rendered":"Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/194837\/hacking\/adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild.html\">Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/194837\/hacking\/adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild.html\">https:\/\/securityaffairs.com\/194837\/hacking\/adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-06 16:15:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> July 06, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/08\/Stringlifier-Adobe.png?fit=851%2C405&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Attackers are exploiting the critical Adobe ColdFusion flaw CVE-2026-48282, which allows remote code execution on unpatched servers.<\/h2>\n<p class=\"wp-block-paragraph\">Attackers have started exploiting CVE-2026-48282, a maximum-severity vulnerability in Adobe ColdFusion. The flaw is a path traversal issue that could result in arbitrary code execution without authentication. It affects ColdFusion 2025.9, 2023.20, and earlier versions, allowing remote attackers to execute code on vulnerable servers.<\/p>\n<p class=\"wp-block-paragraph\">The company warned that the vulnerability is easy to exploit and is likely to be exploited in attacks in the wild.<\/p>\n<p class=\"wp-block-paragraph\">KEVIntel researchers reported that Less than two hours after details of CVE-2026-48282 became public, attackers started exploiting it in attacks in the wild. <\/p>\n<p class=\"wp-block-paragraph\">KEVIntel founder\u00a0Ryan Dewhurst reported that the attacks originated from the IP address 103.207.14[.]220 by an attacker located in India.<\/p>\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8Within under two hours of CVE-2026-48282 public details being released, KEVIntel captured in-the-wild exploitation within our global honeypot network.<\/p>\n<p>Unauthenticated Arbitrary File Write &#038; Read in Adobe ColdFusion<\/p>\n<p>Attacker location: India<br \/>Attacker IP: 103.207.14[.]220<\/p>\n<p>If\u2026 pic.twitter.com\/fok7ZQ56Gy<\/p>\n<p>\u2014 Ryan Dewhurst (@ethicalhack3r) July 2, 2026<\/p>\n<p class=\"wp-block-paragraph\">Organizations running Adobe ColdFusion should install the latest security updates as soon as possible to protect their systems from ongoing attacks.<\/p>\n<p class=\"wp-block-paragraph\">In February 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0 another\u00a0Adobe ColdFusion Deserialization Vulnerability, tracked as CVE-2017-3066, to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p class=\"wp-block-paragraph\">Early this year, GreyNoise reported a coordinated campaign exploiting about a dozen Adobe ColdFusion vulnerabilities, with thousands of attack attempts observed during the Christmas 2025 holiday&#8230;.<br \/>\n<br \/><a href=\"https:\/\/securityaffairs.com\/194837\/hacking\/adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild https:\/\/securityaffairs.com\/194837\/hacking\/adobe-coldfusion-flaw-cve-2026-48282-now-exploited-in-the-wild.html Publish Date: 2026-07-06 16:15:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":286484,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/08\/Stringlifier-Adobe.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-286483","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286483"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=286483"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286483\/revisions"}],"predecessor-version":[{"id":286485,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286483\/revisions\/286485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/286484"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=286483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=286483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=286483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}