# Adobe Patches Critical ColdFusion Vulnerabilities

_Tuesday, July 14, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![Adobe Patches Critical ColdFusion Vulnerabilities — Primary](https://www.securityweek.com/wp-content/uploads/2023/07/Adobe.jpg)

Adobe on Tuesday rolled out security updates for 12 products to address 88 vulnerabilities, including critical-severity bugs in ColdFusion, Commerce, Experience Manager, and Illustrator, the company announced. Out of 13 security defects resolved in ColdFusion, eight are critical issues that could lead to arbitrary code execution and privilege escalation. The critical vulnerabilities include path traversal, code injection, improper input validation, missing authentication, SQL injection, and incorrect authorization. Adobe's advisory has a priority 1 rating, meaning that customers should apply the patches as soon as possible. ColdFusion 2025 update 11 and ColdFusion 2023 update 22 resolve all the bugs. The fresh patches come only two weeks after Adobe patched six maximum-severity weaknesses in ColdFusion, including one that hackers started exploiting in attacks within hours of public disclosure. On Tuesday, Adobe also resolved 13 vulnerabilities in Commerce, including two critical-severity bugs tracked as CVE-2026-48356 and CVE-2026-48358. The update for Experience Manager patches 13 security defects, including two critical bugs tracked as CVE-2026-48259 and CVE-2026-48359. Another critical issue was resolved in Illustrator, tracked as CVE-2026-48334. Adobe says it is not aware of any of these vulnerabilities being exploited in the wild. Users are advised to apply the patches as soon as possible.

## Sources

- [SecurityWeek](https://www.securityweek.com/adobe-patches-critical-coldfusion-vulnerabilities/)

---
Canonical: https://techandbusiness.org/newswire/LBgvrjCtplX4TVHmHXFGhw
Retrieved: 2026-07-14T23:34:38.719Z
Publisher: Tech & Business (techandbusiness.org)
