logo
Home/CVEs/CVE-2023-26360/

CVE-2023-26360 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Project:Adobe

Product:ColdFusion

Date Added:2023-03-15Due Date:2023-04-05

Vulnerability Name

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Description

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

https://nvd.nist.gov/vuln/detail/CVE-2023-26360

Related News Articles

Adobe warns of critical ColdFusion bug with PoC exploit codeDecember 24, 2024

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle EastSeptember 6, 2024

Hackers use PoC exploits in attacks 22 minutes after releaseJuly 13, 2024