CVE-2026-47932
published 2026-06-09

Priority: P263
Severity: critical, 9.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 7.62% (93.8th percentile)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Affected

30 ranges · showing 25

Vendor | Product | Version range | Fixed in
adobe | coldfusion | <= 2025.8 |