PatchSiren cyber security CVE debrief
CVE-2026-47931 Adobe CVE debrief
CVE-2026-47931 is a HIGH-severity vulnerability (CVSS Score: 8.4) affecting ColdFusion versions 2023.19, 2025.8, and earlier. This Improper Input Validation vulnerability could result in arbitrary code execution in the context of the current user, with exploitation not requiring user interaction. The scope of this vulnerability has been changed. For more information, refer to [cve-org] and [nvd].
- Vendor
- Adobe
- Product
- ColdFusion
- CVSS
- HIGH 8.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Developers and administrators using ColdFusion versions 2023.19, 2025.8, and earlier should prioritize patching this vulnerability to prevent potential arbitrary code execution.
Technical summary
The vulnerability is caused by Improper Input Validation in ColdFusion. This could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability has a CVSS Score of 8.4 and a CVSS Severity of HIGH. The CVSS Vector is CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The weakness associated with this vulnerability is CWE-20.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to vulnerable systems as soon as possible.
- Review and update security configurations to minimize the attack surface.
- Monitor systems for suspicious activity.
Evidence notes
Evidence suggests that Adobe is the affected vendor, as indicated by [ref-4].
Official resources
-
CVE-2026-47931 CVE record
CVE.org
-
CVE-2026-47931 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-47931 was published on 2026-06-09T21:17:23.050Z and modified on 2026-06-10T18:35:49.083Z.