VYPR
Unrated severityCISA KEVNVD Advisory· Published Mar 23, 2023· Updated Oct 21, 2025

Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution

CVE-2023-26359

Description

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Affected products

2
  • Adobe Inc./Coldfusionllm-fuzzy2 versions
    2018 <= 2018 Update 15; 2021 <= 2021 Update 5+ 1 more
    • (no CPE)range: 2018 <= 2018 Update 15; 2021 <= 2021 Update 5
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.