A vulnerability was found in Adobe ColdFusion up to 2023.20/2025.9. It has been declared as critical. Affected by this issue is some unknown functionality. Such manipulation leads to unrestricted upload.

This vulnerability is referenced as CVE-2026-48276. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.