CVE-2023-26360
Adobe ColdFusion Improper Access Control Arbitrary code execution
Basic Information
- CVE State: PUBLISHED
- Reserved Date: February 22, 2023
- Published Date: March 23, 2023
- Last Updated: February 04, 2025
- Vendor: Adobe
- Product: ColdFusion
- Description: Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
- Tags
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
SSVC Information
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2023-03-15 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26360.rb | 2025-04-29 11:01:20 UTC |
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-26360.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
adobe_coldfusion_rce_cve_2023_26360
Type: metasploit • Created: Unknown
jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit
Type: github • Created: 2024-05-14 11:22:35 UTC • Stars: 4
yosef0x01/CVE-2023-26360
Type: github • Created: 2023-12-26 06:26:01 UTC • Stars: 4
Timeline
- CVE ID Reserved
- Added to KEVIntel
- CVE Published to Public
- Proof of Concept Exploit Available
- Detected by Nuclei
- Detected by Metasploit