Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Patches Critical ColdFusion Vulnerabilities

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

Adobe vulnerabilities

Adobe on Tuesday rolled out security updates for 12 products to address 88 vulnerabilities, including critical-severity bugs in ColdFusion, Commerce, Experience Manager, and Illustrator.

Out of 13 security defects resolved in ColdFusion, eight – CVE-2026-48318, CVE-2026-48322, CVE-2026-48284, CVE-2026-48321, CVE-2026-48325, CVE-2026-48319, CVE-2026-48324, and CVE-2026-48327 – are critical issues that could lead to arbitrary code execution and privilege escalation.

The critical vulnerabilities include path traversal, code injection, improper input validation, missing authentication, SQL injection, and incorrect authorization.

Adobe’s fresh advisory has a priority 1 rating, meaning that customers should apply the patches as soon as possible. ColdFusion 2025 update 11 and ColdFusion 2023 update 22 resolve all the bugs.

The fresh patches come only two weeks after Adobe patched six maximum-severity weaknesses in ColdFusion, including one that hackers started exploiting in attacks within hours of public disclosure.

On Tuesday, Adobe also resolved 13 vulnerabilities in Commerce, including two critical-severity bugs. Tracked as CVE-2026-48356 and CVE-2026-48358, they could lead to privilege escalation and arbitrary code execution.

Advertisement. Scroll to continue reading.

The fresh update for Experience Manager also patches 13 security defects, including two critical bugs, tracked as CVE-2026-48259 and CVE-2026-48359. Both can be exploited for arbitrary code execution.

Another critical issue was resolved in Illustrator, along with four other weaknesses. Tracked as CVE-2026-48334 and described as improper input validation, the critical flaw could be exploited for privilege escalation.

On Tuesday, Adobe also announced updates for Content Credentials SDK (12 vulnerabilities), Animate (6 flaws), Audition (6), Bridge (6), Media Encoder (5), Premiere Pro (4), After Effects (3), and Creative Cloud Desktop Application (2).

Adobe says it is not aware of any of these vulnerabilities being exploited in the wild. Users are advised to apply the patches as soon as possible. Additional information can be found on Adobe’s security bulletins page.

Microsoft’s latest Patch Tuesday updates fix a record-breaking 622 flaws, including two actively exploited zero-days.

Related: 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer

Related: SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud

Related: RabbitMQ Vulnerability Threatens Enterprise Systems

Related: Organizations Warned of Exploited Joomla Extension Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

N-able has appointed Russell Rosa as Chief Revenue Officer.

Stacy O'Mara has joined Armadin as Chief Policy Officer and Director of Global Government Affairs.

F5 has appointed Cathy Peterman as Chief People Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.