Adobe ColdFusion <2025.6 Improper Input Validation -> AEX CVE-2026-27306
CVE-2026-27306 Published on April 14, 2026

ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2026-27306

Want to know whenever a new CVE is published for Adobe ColdFusion? stack.watch will email you.

Adobe ColdFusion

Affected Versions

Adobe ColdFusion:

Before and including 2025.6 is affected.

Adobe ColdFusion <2025.6 Improper Input Validation -> AEX CVE-2026-27306CVE-2026-27306 Published on April 14, 2026

Vulnerability Analysis

Weakness Type

Improper Input Validation

Products Associated with CVE-2026-27306

Affected Versions

Adobe ColdFusion <2025.6 Improper Input Validation -> AEX CVE-2026-27306
CVE-2026-27306 Published on April 14, 2026