CVE-2026-27305
Path Traversal in Adobe ColdFusion Allows Arbitrary File Read
Publication date: 2026-04-14
Last updated on: 2026-04-16
Assigner: Adobe Systems Incorporated
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
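The CWE-22 description above is the whole mechanism: a caller-supplied path is joined onto a restricted directory without neutralising parent-directory segments, so the final path resolves outside that directory. The block below is an added Python example written for this page, not code from Adobe ColdFusion or from the CVE record. It shows the guard a defender wants in any file-serving handler (canonicalise, then verify containment) and a small scanner that flags traversal sequences in access-log request paths. The root directory `/srv/cf/files`, the `file=` parameter name and the log lines are all constructed for the demonstration.

```python
"""
Added example (not Adobe ColdFusion code): a CWE-22 containment guard and a
log scanner for traversal sequences. Root, parameter names and sample log
lines are constructed; nothing here is taken from the vulnerable product.
"""
import os
import re
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would resolve outside the root."""


def resolve_under_root(root: str, user_path: str) -> str:
    """Return the canonical absolute path of user_path inside root.

    Raise PathTraversalError if the resolved location is not beneath root.
    Both sides go through realpath so '..' segments and symlinks are collapsed
    before the containment test; a raw string-prefix comparison would accept
    'root/../root2/x' or a sibling directory such as 'root2'.
    """
    root_real = os.path.realpath(root)
    # os.path.join discards root entirely when the second part is absolute,
    # so reject absolute input explicitly rather than rely on the check below.
    if os.path.isabs(user_path):
        raise PathTraversalError(f"absolute path not allowed: {user_path!r}")
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    # commonpath compares whole components, so 'files' vs 'files2' cannot pass.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathTraversalError(f"path escapes root: {user_path!r}")
    return candidate


def is_safe_path(root: str, user_path: str) -> bool:
    """Boolean wrapper around resolve_under_root for policy checks."""
    try:
        resolve_under_root(root, user_path)
        return True
    except PathTraversalError:
        return False


# A '..' segment that stands alone: preceded by start of string or a path /
# query separator, and followed by a separator or end of string. 'logo..png'
# does not match because its dots are part of a file name.
TRAVERSAL_SEGMENT = re.compile(r"(?:^|[/\\=&?])\.\.(?:[/\\]|$)")


def flags_traversal(request_path: str) -> bool:
    """True if the request path contains a parent-directory segment.

    Decoded twice so double-encoded forms (%252e%252e) are caught as well.
    """
    decoded = unquote(unquote(request_path))
    return bool(TRAVERSAL_SEGMENT.search(decoded))


# Constructed access-log lines in a common-log style (not from any real host).
SAMPLE_LOG = """\
10.0.0.5 - - [14/Apr/2026:10:01:02 +0000] "GET /reports/q1.txt HTTP/1.1" 200 512
10.0.0.9 - - [14/Apr/2026:10:01:07 +0000] "GET /download?file=../../conf/app-secrets.properties HTTP/1.1" 200 1423
10.0.0.9 - - [14/Apr/2026:10:01:09 +0000] "GET /download?file=..%2F..%2Fconf%2Fapp.xml HTTP/1.1" 404 0
10.0.0.12 - - [14/Apr/2026:10:02:00 +0000] "GET /images/logo..png HTTP/1.1" 200 2048
"""

LOG_REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_lines(log_text: str) -> list:
    """Return the log lines whose request path carries a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_REQUEST.search(line)
        if match and flags_traversal(match.group(1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    root = "/srv/cf/files"
    for candidate in ["reports/q1.txt", "../../conf/app-secrets.properties",
                      "reports/../../secret.txt", "/etc/hosts"]:
        print(f"{candidate!r:45} safe={is_safe_path(root, candidate)}")
    for hit in suspicious_lines(SAMPLE_LOG):
        print("FLAGGED:", hit)
```

The guard is the mitigation for the weakness class; the scanner is only a triage aid, since a server that canonicalises before serving will still log the attempt, and a request that traverses via encodings the scanner does not decode will be missed. Note that `realpath` resolves symlinks present on the file system, so the containment check must run on the server that will open the file, not on a proxy that cannot see the same symlinks.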
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects ColdFusion versions 2023.18, 2025.6, and earlier. It is a Path Traversal vulnerability caused by improper limitation of a pathname to a restricted directory. An attacker can exploit this flaw to read arbitrary files on the file system, including sensitive files and directories that should be inaccessible.
The exploitation does not require any user interaction, meaning an attacker can trigger it remotely without needing a victim to perform any action.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker to perform arbitrary file system reads by exploiting a path traversal flaw, potentially exposing sensitive files and directories outside the intended access scope.
Exposure of sensitive files due to this vulnerability could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls over access to personal and protected health information.
Therefore, if exploited, this vulnerability could result in unauthorized disclosure of sensitive data, impacting an organization's ability to meet compliance requirements related to confidentiality and data protection.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to sensitive files and directories outside the intended access scope. This could expose confidential information, configuration files, or other critical data stored on the server.
Since the vulnerability allows arbitrary file system read without user interaction, it increases the risk of data leakage and could be used as a stepping stone for further attacks.