CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-48282

criticalknown exploitedpublic exploitCVSS 10covered by 7 sourcesfirst seen 2026-06-30
Actively exploited. CVE-2026-48282 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-07-07) — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
Public exploit code is available. Proof-of-concept or working exploit code for CVE-2026-48282 is indexed in GitHub PoC and Nuclei. Expect opportunistic scanning and exploitation attempts — prioritize remediation.
Serial number: AV26–647 Date: July 2, 2026 Updated: July 7, 2026 On June 30, 2026, Adobe published security advisories to address critical vulnerabilities in the following products: Adobe ColdFusion 2025 – Update 9 and prior Adobe ColdFusion 2023 – Update 20 and prior Adobe Campaign Classic – version ACC v7: 7.4.3 build 9396 and prior Update 1 Open-source reporting indicates that CVE-2026-48282 is being exploited. Update 2 On July 7, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48282 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Security update available for Adobe ColdFusion | APSB26-68 Security updates available for Adobe Campaign Classic | APSB26-69 Adobe Security Advisories CISA KEV: CVE-2026-48282

CSIRTS triage

vendor: Adobeproduct: ColdFusionOtheraffected: 2025 – Update 9 and prior, 2023 – Update 20 and prior
What
Critical vulnerabilities have been identified in Adobe ColdFusion.
Who is affected
Users and administrators of Adobe ColdFusion 2025 and 2023.
Urgency
Remediation is urgent due to the critical nature of the vulnerabilities and reports of exploitation.
Action
Apply the necessary updates as per the security advisories.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-48282

Get an email if CVE-2026-48282 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Exploit availability

Public exploit or proof-of-concept code for CVE-2026-48282 is indexed in these free datasets. Available exploit code raises real-world risk independent of the CVSS score.

Advisory coverage (7)

External references

NVD record for CVE-2026-48282

CVE.org record

CISA KEV catalog

Embed the live status

CVE-2026-48282 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-48282 status](https://www.csirts.com/badge/CVE-2026-48282)](https://www.csirts.com/cve/CVE-2026-48282)