GHSA-f6w2-335h-mp8wHighCVSS 8.4

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization...

Published
June 9, 2026
Last Modified
June 9, 2026

🔗 CVE IDs covered (1)

📋 Description

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.

🔗 References (3)