
Cybersecurity: security vulnerability in Adobe ColdFusion

Security vulnerability in Adobe ColdFusion. The US CISA: it contains an improper access control flaw that allows for remote code execution. Adobe: it has been exploited in the wild in very limited attacks.

Adobe ColdFusion has a security vulnerability that could be exploited by a threat actor to achieve arbitrary code execution. It has been flagged by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added CVE-2023-26360 to the Known Exploited Vulnerabilities (KEV) Catalog. Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution. The flaw impacts ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been fixed in Update 16 and Update 6, respectively. ColdFusion 2016 and ColdFusion 11 installations are no longer supported by Adobe, as they have reached end-of-life (EoL). The company stated that it’s aware of the flaw being “exploited in the wild in very limited attacks.”
