
[CIVN-2026-0356] Multiple Vulnerabilities in Adobe Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Adobe Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Adobe ColdFusion 2025 Update 9 and earlier versions
Adobe ColdFusion 2023 Update 20 and earlier versions
Adobe Campaign Classic v7.4.3 Build 9396 and earlier (Windows and Linux, on-premises deployments)
Overview
Multiple vulnerabilities have been reported in Adobe ColdFusion and Adobe Campaign Classic that could allow a remote attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions or access sensitive information on the targeted system.
Target Audience:
Individuals and organizations using the affected Adobe products.
Risk Assessment:
High risk of unauthorized access, and sensitive information disclosure.
Impact Assessment:
Potential for complete system compromise.
Description
Adobe products are widely used software applications for multimedia editing, digital content creation, collaboration, and enterprise e-commerce services.
These vulnerabilities exist due to improper input validation, unrestricted file upload, path traversal, server-side request forgery (SSRF) and incorrect authorization flaws. An attacker could exploit these vulnerabilities by sending specially crafted requests or interacting with vulnerable application components.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions or access sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned in:
https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
https://helpx.adobe.com/security/products/campaign/apsb26-69.html
Vendor Information
Adobe
https://helpx.adobe.com/security/security-bulletin.html
References
https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
https://helpx.adobe.com/security/products/campaign/apsb26-69.html
CVE Name
CVE-2026-48276
CVE-2026-48277
CVE-2026-48281
CVE-2026-48282
CVE-2026-48283
CVE-2026-48285
CVE-2026-48307
CVE-2026-48313
CVE-2026-48314
CVE-2026-48315
CVE-2026-48316
CVE-2026-48286
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpLweAACgkQ3jCgcSdc
ys8rGw//fRExyEHZoh6XWV6koBbpm1Hw/TOtG0w4xo6lVHVCbmdVF2fXgwpY5vub
SEGwqgfo2q/4w09osof/CzvDoQ0ypLZcDUctLZkf5WpmfZlILhuAo4DWGrEb9dn0
rGv47o8TnFrtXIQFjsu6EnXXGTEDt9+dHXALNvA1tl2AX7HAHMHRSI7mjTIbnXMf
VWuJ1ya5MVn69Wndpi+EvLEc7VlUbxwaHTPhezPcax7x8SOEeKmDNoA1MBG28aBk
Ut7HJeGEySlTOEpWbweTaPgMm/Lb/UMS6+yzWmhRSYKxRsKa9R0Z7cx/4ImZpplJ
axtOIJs2RSbmcoef2ZpchNDpCOd/p2mdE74irCUCsse4j2941fCAAi0kXRj+Vl5F
ZdyBPspTShiDPU9A3I8rgWlGeFG4oGLierBDlH6Ti4JZNK36nz8FXIHNYow9WIWm
fCJ2uPOAfZeItWoJQriQ8/DSl9JYO4AVgA9er59jbUNZS6uIDALaCrgRpYvc5J7w
7/UwV5tz/5OV9V2sftd+/SNtYk+mAeR42+72sxHvoFtXCnxCgM6Y1gzWEBnFSTUp
elzbxLa1j96fL+wJ7XBH6JTnshAvp/8KlIJfMXT04NcFEXM7VW0JBpbOaGvrNeCM
mksQHi5CCWDoPBcgdCM3jJcnJeqnIj7qFp/bpMBSt0zMG69/T8c=
=SulK
—–END PGP SIGNATURE—–


