Citing evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a major security issue in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog.
A deserialization flaw in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (Update 5 and earlier) could lead to arbitrary code execution in the context of the current user without requiring any user interaction. The vulnerability is tracked as CVE-2023-26359 (CVSS score: 9.8).
Deserialization, also known as unmarshaling, is the process of reconstructing an object or data structure from a byte stream. However, if it is carried out without first verifying the source or sanitizing its contents, it may have unanticipated effects like …