PatchSiren cyber security CVE debrief
CVE-2026-47928 Adobe CVE debrief
CVE-2026-47928 is a CRITICAL vulnerability with a CVSS score of 9.6. Affected ColdFusion versions include 2023.19, 2025.8, and earlier. The vulnerability is caused by Improper Input Validation, which could result in arbitrary code execution in the context of the current user. Exploitation does not require user interaction.
- Vendor
- Adobe
- Product
- ColdFusion
- CVSS
- CRITICAL 9.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Administrators and users of Adobe ColdFusion versions 2023.19, 2025.8, and earlier should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by Improper Input Validation (CWE-20) in ColdFusion versions 2023.19, 2025.8, and earlier. This could result in arbitrary code execution in the context of the current user. The CVSS vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Defensive priority
High
Recommended defensive actions
- Apply the patch from Adobe: [ref-4](https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html)
Evidence notes
The vendor is likely Adobe, based on the reference to the Adobe PSIRT.
Official resources
-
CVE-2026-47928 CVE record
CVE.org
-
CVE-2026-47928 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-47928 was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-47928) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-47928).