CISA directs federal patch for ColdFusion zero-day
🔒 The U.S. Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch an actively exploited, maximum-severity vulnerability in Adobe ColdFusion (CVE-2026-48282) by Friday. Adobe published fixes for affected ColdFusion versions last week and urged administrators to install updates immediately. The flaw enables unauthenticated remote code execution in low-complexity attacks and has been observed in the wild soon after disclosure. CISA added the issue to its KEV catalog and invoked BOD 26-04 to enforce remediation timelines for FCEB agencies.
