CVE-2026-48328
ColdFusion | Improper Input Validation (CWE-20)
Vexday Risk Score
18Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.7EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
14 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N