PatchSiren cyber security CVE debrief
CVE-2026-47932 Adobe CVE debrief
CVE-2026-47932 is a Path Traversal vulnerability affecting Adobe ColdFusion versions 2023.19, 2025.8, and earlier. This vulnerability could result in a Security feature bypass, allowing an attacker to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction, as a victim must open a malicious file.
- Vendor
- Adobe
- Product
- ColdFusion
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Administrators and users of Adobe ColdFusion versions 2023.19, 2025.8, and earlier should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability is caused by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') issue in Adobe ColdFusion. This allows an attacker to bypass security restrictions and access unauthorized files or directories.
Defensive priority
HIGH
Recommended defensive actions
- Apply the necessary patches and updates to Adobe ColdFusion as soon as possible.
- Restrict access to sensitive files and directories.
- Educate users on the risks of opening malicious files.
Evidence notes
The CVE-2026-47932 vulnerability has been confirmed by Adobe and has a CVSS score of 8.8, indicating a HIGH severity level.
Official resources
-
CVE-2026-47932 CVE record
CVE.org
-
CVE-2026-47932 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-47932 was published on 2026-06-09T21:17:23.170Z and modified on 2026-06-10T18:35:49.083Z.