CVE-2026-47929
8.4 HIGH
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary c...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS: 8.4 HIGH
- Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- CWE: CWE-863
Description
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-24724 — An incorrect authorization vulnerability has been reported to affect File Station 6
- CVE-2026-48303 — Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could re... (10.0 CRITICAL)
- CVE-2026-47910 — Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file ... (6.3 MEDIUM)
- CVE-2026-41852 — A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within r... (3.7 LOW)
- CVE-2026-48507 — Snipe-IT is an IT asset/license management system (7.1 HIGH)