Is CVE-2026-48285 being exploited?

No public exploit is currently tracked.

How severe is CVE-2026-48285?

CVE-2026-48285 has a CVSS v3 severity of HIGH (8.6).

Back

CVE-2026-48285

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.