CVE-2026-27308
Uncontrolled Resource Consumption in ColdFusion Causes DoS
Publication date: 2026-04-14
Last updated on: 2026-04-16
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2025 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2025 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2025 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2025 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2025 |
| adobe | coldfusion | 2025 |
| adobe | coldfusion | 2023 |
| adobe | coldfusion | 2025 |
| adobe | coldfusion | 2023 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects ColdFusion versions 2023.18, 2025.6, and earlier. It is an Uncontrolled Resource Consumption vulnerability that can be exploited by a high-privileged attacker to exhaust system resources.
Exploiting this vulnerability can lead to a denial-of-service condition for the application by reducing its speed and availability.
Importantly, exploitation does not require any user interaction.
How can this vulnerability impact me? :
The vulnerability can impact you by causing a denial-of-service condition in the affected ColdFusion application.
A high-privileged attacker could exploit this issue to exhaust system resources, which would reduce the application's speed and potentially make it unavailable.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.