ColdFusion Improper Input Validation Bypass Security (2025.6)
CVE-2026-27282 Published on April 14, 2026

ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-27282 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2026-27282

Want to know whenever a new CVE is published for Adobe ColdFusion? stack.watch will email you.

Adobe ColdFusion
 

Affected Versions

Adobe ColdFusion: