Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities
Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum severity vulnerabilities.
The update for Adobe Campaign Classic resolvesCVE-2026-48286 (CVSS score of 10/10), an incorrect authorization issue that could allow attackers to execute arbitrary code.
Patches for the flaw were included in Adobe Campaign Classic version 7.4.3 build 9397, which is now rolling out to Windows and Linux users.
Updates released for ColdFusion versions 2025 and 2023 address 11 security defects, including six that have a maximum severity rating of 10/10.
Tracked as CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282, and CVE-2026-48283, the vulnerabilities could lead to arbitrary code execution, Adobe’s advisory reveals.
According to Adobe, these flaws are rooted in the unrestricted upload of files with dangerous types, improper input validation, and path traversal weaknesses.
Advertisement. Scroll to continue reading.
Two other critical-severity bugs resolved in ColdFusion, CVE-2026-48313 and CVE-2026-48315 (CVSS score of...
Copyright of this story solely belongs to securityweek.com. To see the full text click HERE