CVE-2026-48329

Summary

ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

Affected Software

VendorProductVersion RangeStatus
AdobeColdFusion 20250 <= 10affected
AdobeColdFusion 202511unaffected
AdobeColdFusion 20230 <= 21affected
AdobeColdFusion 202322unaffected

Weaknesses

  • CWE-613: Insufficient Session Expiration (CWE-613)

References