vulnerability context

CVE-2026-47928

CVSS 9.6 CRITICALEPSS 95%CWE-20OTX 3 pulses

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Published 2026-06-09 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 9.6 / CRITICAL
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 95% percentile (score 0.0887)
CWE: CWE-20
OTX pulses: 3 total, 0 recent

View on NVD → · cve.org

source mentions 2

[Security Cyber] 🚨 ALERT: CVE-2026-47928 CVSS 9.6/10 📋 WHAT IT IS: ColdFusion versions 2023.19, 2025.8 and earlier are af...Bluesky · 1d ago
[Security Cyber] 🚨 CRITICAL ALERT: CVE-2026-47928 CVSS 9.6/10 📋 WHAT IT IS: ColdFusion versions 2023.19, 2025.8 and earlie...Bluesky · 3d ago

source consensus

Bluesky2×

Want the 3-bullet summary of CVE-2026-47928, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →