Unrated severityCISA KEVNVD Advisory· Published Mar 23, 2023· Updated Oct 21, 2025
Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution
CVE-2023-26359
Description
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Affected products
22018 <= 2018 Update 15; 2021 <= 2021 Update 5+ 1 more
- (no CPE)range: 2018 <= 2018 Update 15; 2021 <= 2021 Update 5
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.