CVE-2026-48307: Reflected Cross-Site Scripting (XSS) in Adobe ColdFusion
A reflected Cross-Site Scripting (XSS) vulnerability exists in Adobe ColdFusion versions 2025.9, 2023.20, and earlier. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user. This requires user interaction, as a victim must open a malicious link.