[CIVN-2026-0356] Multiple Vulnerabilities in Adobe Products

By Published On: July 6, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Multiple Vulnerabilities in Adobe Products


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: CRITICAL


Software Affected


Adobe ColdFusion 2025 Update 9 and earlier versions

Adobe ColdFusion 2023 Update 20 and earlier versions

Adobe Campaign Classic v7.4.3 Build 9396 and earlier (Windows and Linux, on-premises deployments)

Overview


Multiple vulnerabilities have been reported in Adobe ColdFusion and Adobe Campaign Classic that could allow a remote attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions or access sensitive information on the targeted system.


Target Audience:

Individuals and organizations using the affected Adobe products.


Risk Assessment:

High risk of unauthorized access, and sensitive information disclosure.


Impact Assessment:

Potential for complete system compromise.


Description


Adobe products are widely used software applications for multimedia editing, digital content creation, collaboration, and enterprise e-commerce services.


These vulnerabilities exist due to improper input validation, unrestricted file upload, path traversal, server-side request forgery (SSRF) and incorrect authorization flaws. An attacker could exploit these vulnerabilities by sending specially crafted requests or interacting with vulnerable application components.


Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions or access sensitive information on the targeted system.


Solution


Apply appropriate updates as mentioned in:

https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html


https://helpx.adobe.com/security/products/campaign/apsb26-69.html



Vendor Information


Adobe

https://helpx.adobe.com/security/security-bulletin.html


References


 

https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html

https://helpx.adobe.com/security/products/campaign/apsb26-69.html


CVE Name

CVE-2026-48276

CVE-2026-48277

CVE-2026-48281

CVE-2026-48282

CVE-2026-48283

CVE-2026-48285

CVE-2026-48307

CVE-2026-48313

CVE-2026-48314

CVE-2026-48315

CVE-2026-48316

CVE-2026-48286




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpLweAACgkQ3jCgcSdc

ys8rGw//fRExyEHZoh6XWV6koBbpm1Hw/TOtG0w4xo6lVHVCbmdVF2fXgwpY5vub

SEGwqgfo2q/4w09osof/CzvDoQ0ypLZcDUctLZkf5WpmfZlILhuAo4DWGrEb9dn0

rGv47o8TnFrtXIQFjsu6EnXXGTEDt9+dHXALNvA1tl2AX7HAHMHRSI7mjTIbnXMf

VWuJ1ya5MVn69Wndpi+EvLEc7VlUbxwaHTPhezPcax7x8SOEeKmDNoA1MBG28aBk

Ut7HJeGEySlTOEpWbweTaPgMm/Lb/UMS6+yzWmhRSYKxRsKa9R0Z7cx/4ImZpplJ

axtOIJs2RSbmcoef2ZpchNDpCOd/p2mdE74irCUCsse4j2941fCAAi0kXRj+Vl5F

ZdyBPspTShiDPU9A3I8rgWlGeFG4oGLierBDlH6Ti4JZNK36nz8FXIHNYow9WIWm

fCJ2uPOAfZeItWoJQriQ8/DSl9JYO4AVgA9er59jbUNZS6uIDALaCrgRpYvc5J7w

7/UwV5tz/5OV9V2sftd+/SNtYk+mAeR42+72sxHvoFtXCnxCgM6Y1gzWEBnFSTUp

elzbxLa1j96fL+wJ7XBH6JTnshAvp/8KlIJfMXT04NcFEXM7VW0JBpbOaGvrNeCM

mksQHi5CCWDoPBcgdCM3jJcnJeqnIj7qFp/bpMBSt0zMG69/T8c=

=SulK

—–END PGP SIGNATURE—–

Share this article