CVE-2026-27305

Medienbericht

EPSS 0.19%
Veröffentlicht 14.04.2026 21:53:57
Zuletzt bearbeitet 16.04.2026 14:42:19
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 26 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version2023 Update-

Adobe ≫ Coldfusion Version2023 Updateupdate1

Adobe ≫ Coldfusion Version2023 Updateupdate10

Adobe ≫ Coldfusion Version2023 Updateupdate11

Adobe ≫ Coldfusion Version2023 Updateupdate12

Adobe ≫ Coldfusion Version2023 Updateupdate13

Adobe ≫ Coldfusion Version2023 Updateupdate14

Adobe ≫ Coldfusion Version2023 Updateupdate15

Adobe ≫ Coldfusion Version2023 Updateupdate16

Adobe ≫ Coldfusion Version2023 Updateupdate17

Adobe ≫ Coldfusion Version2023 Updateupdate18

Adobe ≫ Coldfusion Version2023 Updateupdate2

Adobe ≫ Coldfusion Version2023 Updateupdate3

Adobe ≫ Coldfusion Version2023 Updateupdate4

Adobe ≫ Coldfusion Version2023 Updateupdate5

Adobe ≫ Coldfusion Version2023 Updateupdate6

Adobe ≫ Coldfusion Version2023 Updateupdate7

Adobe ≫ Coldfusion Version2023 Updateupdate8

Adobe ≫ Coldfusion Version2023 Updateupdate9

Adobe ≫ Coldfusion Version2025 Update-

Adobe ≫ Coldfusion Version2025 Updateupdate1

Adobe ≫ Coldfusion Version2025 Updateupdate2

Adobe ≫ Coldfusion Version2025 Updateupdate3

Adobe ≫ Coldfusion Version2025 Updateupdate4

Adobe ≫ Coldfusion Version2025 Updateupdate5

Adobe ≫ Coldfusion Version2025 Updateupdate6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.408

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@adobe.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html

Media Report

https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-27305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27305

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27305