Adobe Warns of Zero-Day Exploits in ColdFusion

March 14, 2023

Adobe has issued an urgent warning about "very limited attacks" exploiting a zero-day vulnerability in its Adobe ColdFusion web app development platform. The company said that CVE-2023-26360 has been exploited in-the-wild in very limited attacks targeting Adobe ColdFusion. According to Adobe's PSIRT, the patches cover software defects that “could lead to arbitrary code execution, arbitrary file system read and memory leak.”

The ColdFusion update also features a second critical bug (CVSS 9.8) that could lead to code execution attacks. In addition, Adobe released patches for a whopping 106 vulnerabilities in a wide range of products, some serious enough to expose both Windows and macOS users to remote code execution attacks.

"Adobe is aware that CVE-2023-26360 has been exploited in-the-wild in very limited attacks targeting Adobe ColdFusion," said Adobe. "The patches cover software defects that could lead to arbitrary code execution, arbitrary file system read and memory leak."

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.