ทันเอไอ

Global AI & tech news, in your language · every story source-checked

🌐Follow
← Back to news
AI AppsVerified

CISA Issues Urgent Order: US Government Agencies to Patch Adobe ColdFusion Vulnerability After Active Exploitation Detected

The U.S. cybersecurity agency has mandated federal government agencies to promptly update Adobe ColdFusion software following the discovery of a critical vulnerability currently being exploited by hackers.

📅 9 Jul 2026, 00:46
CISA Issues Urgent Order: US Government Agencies to Patch Adobe ColdFusion Vulnerability After Active Exploitation Detected

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for U.S. federal agencies to update security patches for Adobe ColdFusion, a platform used for developing web applications. This order follows the discovery of a critical security vulnerability, CVE-2026-48282, which is a Path Traversal vulnerability (a technique for accessing files outside defined boundaries) affecting ColdFusion versions 2025.9, 2023.20, and earlier. This vulnerability allows malicious actors to remotely execute arbitrary code on the system without requiring complex access privileges. Of particular concern, CISA has confirmed that this vulnerability is being actively exploited, leading them to add it to the Known Exploited Vulnerabilities (KEV) catalog on July 7, 2026. Adobe had released a corrective patch a week prior and recommended users install it as soon as possible. Meanwhile, researchers from KEVIntel reported detecting exploitation attempts less than two hours after the vulnerability details were publicly disclosed.

Why it matters
Although this directive applies to U.S. government agencies, companies and organizations in Thailand using Adobe ColdFusion are also at high risk and should urgently update security patches to prevent attacks.
#Adobe ColdFusion#CISA#ช่องโหว่ความปลอดภัย#CVE-2026-48282