Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter

Patch now! Active exploitation of a perfect 10 Adobe ColdFusion vulnerability is underway

Hackers are targeting one of several max-severity vulnerabilities that Adobe recently addressed, with customers urged to patch immediately.

Tue, 07 Jul 2026
Patch now! Active exploitation of a perfect 10 Adobe ColdFusion vulnerability is underway

Just days after creative giant Adobe released a raft of patches addressing seven critical-severity vulnerabilities across its ColdFusion web app development and Campaign Classic marketing platforms, security analysts have observed active exploitation of at least one of the vulnerabilities.

CVE-2026-48282 was first disclosed on 30 June, and – according to cyber security researcher Ryan Dewhurst – was actively targeted almost immediately.

“Within under two hours of CVE-2026-48282 public details being released, KEVIntel captured in-the-wild exploitation within our global honeypot network,” Dewhurst said in a 2 July social media post.

 
 

“If you’ve not already patched, update immediately!”

Dewhurst’s KEVIntel feed currently lists two exploitation attempts on 2 and 3 July, both appearing to originate from an Indian IP address. Dark Web Informer has more details on the activity.

“According to reported exploitation activity, attackers began probing for the vulnerability shortly after public details were released,” the threat intelligence platform said on 6 July.

“Observed activity included unauthenticated attempts to read and write arbitrary files, raising the risk for exposed ColdFusion servers that have not yet been updated.”

CVE-2026-48282 impacts ColdFusion versions 2025.9, 2023.20, and earlier and is a path traversal vulnerability that could lead to the execution of arbitrary code. Adobe said at the time of disclosure that it had not observed any in-the-wild exploitation, but nonetheless urged users to upgrade immediately.

Cyber security firm watchTowr released its own analysis of the vulnerability in a 2 July blog post, in which it outlined just why this vulnerability is worth addressing.

“For those of you unaware, this isn’t Adobe’s first security advisory. In fact, history shows us that the RDS feature of ColdFusion has been a main character many times, with many of the most recent security patches being focused on resolving vulnerabilities within the RDS module,” watchTowr said.

“For those unfamiliar with it, RDS (Remote Development Services) is a ColdFusion feature that allows a developer’s IDE, historically ColdFusion Builder, Dreamweaver, or the Eclipse plugin, to interact with a running ColdFusion server. It can browse the filesystem, execute database queries, and assist with debugging, all over HTTP. Under the hood, it is essentially a small RPC protocol.”

You can read watchTowr’s full analysis here, and find Adobe’s Security Bulletin here.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Tags:

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.