Adobe ColdFusion 2023.19/2025.8 Incorrect Auth Arbitrary Code Exec
CVE-2026-47929 Published on June 9, 2026

ColdFusion | Incorrect Authorization (CWE-863)
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2026-47929 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2026-47929

Want to know whenever a new CVE is published for Adobe ColdFusion? stack.watch will email you.

Adobe ColdFusion

Affected Versions

Adobe ColdFusion:

Before and including 2025.8 is affected.

Adobe ColdFusion 2023.19/2025.8 Incorrect Auth Arbitrary Code ExecCVE-2026-47929 Published on June 9, 2026

Vulnerability Analysis

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2026-47929

Affected Versions

Adobe ColdFusion 2023.19/2025.8 Incorrect Auth Arbitrary Code Exec
CVE-2026-47929 Published on June 9, 2026