CVE-2026-47928
CriticalCVSS 9.6Exploitation Probability (EPSS)
High risk82th percentile — higher than 82% of all known CVEs
Summary
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Risk Assessment
The organization may be exposed to unauthorized code execution, potentially leading to serious security breaches and data loss.
Recommendation
It is recommended to update to the latest version of ColdFusion to mitigate this vulnerability and implement additional security measures.
Original NVD description (English source)
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

