CVE-2026-27282
HIGH WAF: Medium
CVSS 7.5
Published: 2026-04-14
CWE-20
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
References
- helpx.adobe.com (Vendor Advisory)