[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8TBA0K5GEj0vJM58yKQjIrBVmN98WL35etEmR2JJugc":3},{"article":4,"iocs":34},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":31},"a1d584d1-2c0f-4540-865b-b939ce328350","Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities","adobe-patches-critical-coldfusion-campaign-classic-vulnerabilities-296baa","Seven of the security defects have a maximum severity rating of 10\u002F10 and could lead to arbitrary code execution. The post Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities appeared first on SecurityWeek.","Adobe has issued security updates to address multiple critical vulnerabilities in its ColdFusion and Campaign Classic products. Seven of these flaws carry the highest severity rating (10\u002F10) and could allow attackers to execute arbitrary code on affected systems. The vulnerabilities stem from issues like unrestricted file uploads, improper input validation, and path traversal.","Adobe releases patches for critical vulnerabilities in ColdFusion and Campaign Classic.","Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum severity vulnerabilities. The update for Adobe Campaign Classic resolves CVE-2026-48286 (CVSS score of 10\u002F10), an incorrect authorization issue that could allow attackers to execute arbitrary code. Patches for the flaw were included in Adobe Campaign Classic version 7.4.3 build 9397, which is now rolling out to Windows and Linux users. Updates released for ColdFusion versions 2025 and 2023 address 11 security defects, including six that have a maximum severity rating of 10\u002F10. 
Tracked as CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48316, CVE-2026-48282, and CVE-2026-48283, the vulnerabilities could lead to arbitrary code execution, Adobe’s advisory reveals. According to Adobe, these flaws are rooted in the unrestricted upload of files with dangerous types, improper input validation, and path traversal weaknesses. Two other critical-severity bugs resolved in ColdFusion, CVE-2026-48313 and CVE-2026-48315 (CVSS score of 9.3), are described as path traversal and improper input validation issues that could lead to arbitrary file system read and privilege escalation. The update also resolves CVE-2026-48307 (CVSS score of 8.8), an XSS defect leading to arbitrary code execution, CVE-2026-48285 (CVSS score of 8.6), a SSRF flaw leading to security feature bypass, and CVE-2026-48314, a medium-severity path traversal leading to privilege escalation. Fixes for all vulnerabilities were included in ColdFusion 2025 Update 10 and ColdFusion 2023 Update 21. Adobe says it is not aware of any public exploits targeting these security defects, but has assigned a priority rating of 1 to both security updates, which indicates that the flaws could end up being exploited in attacks. Users are advised to update their applications as soon as possible. Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek.
","https:\u002F\u002Fwww.securityweek.com\u002Fadobe-patches-critical-coldfusion-campaign-classic-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F07\u002FAdobe.jpg","2026-07-01T11:27:07+00:00","2026-07-01T12:00:25.50786+00:00",8,[18,21,23],{"name":19,"type":20},"ColdFusion","product",{"name":22,"type":20},"Campaign Classic",{"name":24,"type":25},"Adobe","vendor","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":26,"icon":28,"name":29,"slug":30},null,"Vulnerabilities","vulnerabilities",[32],{"category":33},{"id":26,"icon":28,"name":29,"slug":30},[35,39,42,44,46,48,50,52,55,57,60,63],{"type":36,"value":37,"context":38},"cve","CVE-2026-48286","Adobe Campaign Classic vulnerability allowing arbitrary code execution.",{"type":36,"value":40,"context":41},"CVE-2026-48276","ColdFusion vulnerability allowing arbitrary code execution.",{"type":36,"value":43,"context":41},"CVE-2026-48277",{"type":36,"value":45,"context":41},"CVE-2026-48281",{"type":36,"value":47,"context":41},"CVE-2026-48316",{"type":36,"value":49,"context":41},"CVE-2026-48282",{"type":36,"value":51,"context":41},"CVE-2026-48283",{"type":36,"value":53,"context":54},"CVE-2026-48313","ColdFusion vulnerability allowing arbitrary file read and privilege escalation.",{"type":36,"value":56,"context":54},"CVE-2026-48315",{"type":36,"value":58,"context":59},"CVE-2026-48307","ColdFusion XSS vulnerability leading to arbitrary code execution.",{"type":36,"value":61,"context":62},"CVE-2026-48285","ColdFusion SSRF vulnerability leading to security feature bypass.",{"type":36,"value":64,"context":65},"CVE-2026-48314","ColdFusion medium-severity path traversal leading to privilege escalation."]