CVE-2026-47929
Analyzed - Analysis Complete

Incorrect Authorization in Adobe ColdFusion Allows Code Execution

Publication date: 2026-06-09

Last updated on: 2026-06-15

Assigner: Adobe Systems Incorporated

Description

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.

Meta Information

Published: 2026-06-09
Last Modified: 2026-06-15
Generated: 2026-06-30
AI Q&A: 2026-06-10
EPSS Evaluated: 2026-06-28
NVD

Affected Vendors & Products

Showing 29 associated CPEs
Vendor Product Version / Range
adobe coldfusion 2023
adobe coldfusion 2025

Exploitability

CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Executive Summary

This vulnerability affects ColdFusion versions 2023.19, 2025.8, and earlier. It is an Incorrect Authorization vulnerability that allows an attacker to execute arbitrary code within the context of the current user.

A high-privileged attacker can exploit this flaw to gain elevated access or control over the victim's account or session without requiring any user interaction.

The scope is changed, meaning that exploitation can affect resources beyond the security scope of the vulnerable component.

Impact Analysis

Exploitation of this vulnerability can lead to arbitrary code execution with the privileges of the current user.

If the attacker has high privileges, they could gain elevated access or full control over the victim's account or session.

This could result in unauthorized actions, data compromise, or further system compromise without any user interaction.
