Actively exploited vulnerability

CVE-2023-26360: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

CISA KEV source 15 Mar 2023 added 5 Apr 2023 remediation due

Affected product

Adobe · ColdFusion

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2023-26360.

Bleeping Computer6 Dec 2023

Hackers breach US govt agencies using Adobe ColdFusion exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [...]