CVE Catalog

CVE-2026-48285

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

An SSRF vulnerability in ColdFusion allows bypassing security measures and unauthorized read access. Exploitation requires no user interaction and the scope is changed.

Risk Assessment

The organization is at risk of confidential data leakage via remote unauthenticated attack, potentially leading to system integrity compromise.

Recommendation

Immediately update ColdFusion to version 2025.10 or 2023.21, which contain the fix for this vulnerability.

Original NVD description (English source)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS