CRITICAL: Adobe ColdFusion Bug (CVE-2026-48282) Weaponized Within Hours as CISA Starts the Patch Clock
Adobe ColdFusion is under active attack through CVE-2026-48282, a CVSS 10.0 path traversal flaw in the Remote Development Services component that hands unauthenticated attackers remote code execution. Exploitation began within about two hours of disclosure, and CISA has added it to its Known Exploited Vulnerabilities catalog with a July 10 federal patch deadline. Patch to ColdFusion 2025 update 10 or 2023 update 21 now.