CVE-2026-34619
Received Received - Intake
Path Traversal in Adobe ColdFusion Allows Security Bypass

Publication date: 2026-04-14

Last updated on: 2026-04-16

Assigner: Adobe Systems Incorporated

Description
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue does not require user interaction.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34619
EUVD
EUVD-2026-22762
Affected Vendors & Products
Showing 26 associated CPEs
Vendor Product Version / Range
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2023
adobe coldfusion 2025
adobe coldfusion 2023
adobe coldfusion 2025
adobe coldfusion 2023
adobe coldfusion 2025
adobe coldfusion 2023
adobe coldfusion 2025
adobe coldfusion 2023
adobe coldfusion 2025
adobe coldfusion 2025
adobe coldfusion 2023
adobe coldfusion 2025
adobe coldfusion 2023
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows an attacker to bypass security features and access unauthorized files or directories outside intended restrictions. This could potentially lead to exposure of sensitive or protected data.

Such unauthorized access may impact compliance with standards and regulations like GDPR or HIPAA, which require strict controls on data access and protection of personal or sensitive information.

However, the provided information does not explicitly describe the direct effects on compliance with these standards.

Executive Summary

This vulnerability affects ColdFusion versions 2023.18, 2025.6 and earlier. It is an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This means that an attacker can bypass security restrictions and access files or directories that should be off-limits.

The attacker does not need any user interaction to exploit this vulnerability, making it easier to leverage.

Impact Analysis

This vulnerability can allow an attacker to bypass security features and access unauthorized files or directories outside the intended restricted areas.

Such unauthorized access could lead to potential disruption or damage, as indicated by the CVSS score which shows a high impact on availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34619. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart