ColdFusion UCRV: DDoS via Uncontrolled Resource Consumption (2025.6)
CVE-2026-27307 Published on April 14, 2026

ColdFusion | Uncontrolled Resource Consumption (CWE-400)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2026-27307 has been classified to as a Resource Exhaustion vulnerability or weakness.

Products Associated with CVE-2026-27307

Want to know whenever a new CVE is published for Adobe ColdFusion? stack.watch will email you.

Adobe ColdFusion

Affected Versions

Adobe ColdFusion:

Before and including 2025.6 is affected.

ColdFusion UCRV: DDoS via Uncontrolled Resource Consumption (2025.6)CVE-2026-27307 Published on April 14, 2026

Vulnerability Analysis

Weakness Type

What is a Resource Exhaustion Vulnerability?

Products Associated with CVE-2026-27307

Affected Versions

ColdFusion UCRV: DDoS via Uncontrolled Resource Consumption (2025.6)
CVE-2026-27307 Published on April 14, 2026