CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data vulnerability that could lead to arbitrary code execution. Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was “aware that CVE-2023-26360 has been exploited in the wild in very limited attacks”. CVE-2023-26360 … More →

The post …

access adobe adobe coldfusion agency application application development arbitrary code attackers cisa code code execution coldfusion critical critical vulnerability cve cve-2023-26360 cybersecurity data deserialization development don't miss exploit exploited flaw government hot stuff infrastructure infrastructure security platform security servers untrusted vulnerability