CVE-2026-47932
8.8 HIGHColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Tra...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- CWE
- CWE-22
Description
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-24717 — A path traversal vulnerability has been reported to affect several QNAP operating system versions
- CVE-2025-62851 — A path traversal vulnerability has been reported to affect License Center
- CVE-2026-46491 — SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module (8.6 HIGH)
- CVE-2026-44716 — Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents (7.5 HIGH)
- CVE-2026-34657 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restr... (5.5 MEDIUM)