PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-47929 Adobe CVE debrief

CVE-2026-47929 is a HIGH-severity vulnerability in Adobe ColdFusion with a CVSS score of 8.4. It is caused by an Incorrect Authorization issue that could allow a high-privileged attacker to execute arbitrary code in the context of the current user, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction.

Vendor: Adobe
Product: ColdFusion
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-10
Advisory published: 2026-06-09
Advisory updated: 2026-06-10

Who should care

Administrators and users of ColdFusion versions 2023.19, 2025.8 and earlier should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability exists in ColdFusion versions 2023.19, 2025.8 and earlier. It is characterized as an Incorrect Authorization issue, which could lead to arbitrary code execution in the context of the current user. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.4, indicating a HIGH severity level. The CVSS vector for this vulnerability is CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Defensive priority

High

Recommended defensive actions

  • Apply the necessary patches or updates provided by the vendor to address the vulnerability.
  • Restrict access to ColdFusion instances to only trusted users and networks.
  • Monitor ColdFusion instances for any suspicious activity.

Evidence notes

The CVE was published on 2026-06-09T21:17:22.813Z and modified on 2026-06-10T18:35:49.083Z. The vendor is likely Adobe, based on the evidence provided.

Official resources

CVE-2026-47929 was published on 2026-06-09T21:17:22.813Z and modified on 2026-06-10T18:35:49.083Z.