{"vulnerability": "cve-2026-4827", "sightings": [{"uuid": "b6431bd7-f17c-4476-90fb-602be5b864e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4827", "type": "seen", "source": "https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-schneider-electric-11", "content": "", "creation_timestamp": "2026-05-12T04:05:34.000000Z"}, {"uuid": "10b861f5-5599-45b8-810c-3ac10bbc8aec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4827", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybqzs6w2w", "content": "\ud83d\udd17 CVE : CVE-2025-0327, CVE-2026-4827, CVE-2026-6332, CVE-2026-6866", "creation_timestamp": "2026-05-12T14:20:40.546161Z"}, {"uuid": "5d3d516b-409d-48fd-afd4-b038af1669f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4827", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlo4j3r4sd2t", "content": "CVE-2026-4827 - Insufficient Entropy vulnerability on Multiple Products\nCVE ID : CVE-2026-4827\n \n Published : May 12, 2026, 1:17 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : CWE\u2011331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attac...", "creation_timestamp": "2026-05-12T15:35:50.364843Z"}, {"uuid": "9e338048-2ea7-48aa-972e-68c18d1f4cdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4827", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-07", "content": "", "creation_timestamp": "2026-06-18T05:00:00.000000Z"}, {"uuid": "55417216-45b7-4932-af24-1056122103be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48276", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpkgmzkfc726", "content": "\ud83d\udccc CVE-2026-48276 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in ... https://www.cyberhub.blog/cves/CVE-2026-48276", "creation_timestamp": "2026-07-01T02:07:07.764126Z"}, {"uuid": "1d82f15a-db22-4e5c-b73f-be04fdf8162d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48277", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpkicnwhvr2v", "content": "\ud83d\udccc CVE-2026-48277 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code executi... https://www.cyberhub.blog/cves/CVE-2026-48277", "creation_timestamp": "2026-07-01T02:37:06.981745Z"}, {"uuid": "f3c84f5c-2667-4017-8117-68fa340fa3d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48276", "type": "seen", "source": "https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse", "content": "", "creation_timestamp": "2026-07-01T09:45:03.016416Z"}, {"uuid": "d747ad87-35a1-4edc-9c1a-9cae7ca72eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48277", "type": "seen", "source": "https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse", "content": "", "creation_timestamp": "2026-07-01T09:45:07.386843Z"}, {"uuid": "bf6717eb-6d8a-4bf5-82d0-6af032c81470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48276", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116844608391888622", "content": "CRITICAL vulnerabilities patched in Adobe ColdFusion (2025/2023) &amp; Campaign Classic (7.4.3 build 9397). Multiple CVSS 10.0 flaws incl. CVE-2026-48286, CVE-2026-48276 \u2013 83. No active exploits, but patch ASAP. https://radar.offseq.com/threat/adobe-patches-critical-coldfusion-campaign-classic-baee08e7ac9d8888 #OffSeq #Adobe #ColdFusion #Vuln", "creation_timestamp": "2026-07-01T12:00:35.329807Z"}, {"uuid": "5fb1db67-414e-4886-8610-46590a5f23bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48276", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mpll4ubpnt2q", "content": "\ud83d\udd17 CVE : CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48282, CVE-2026-48283, CVE-2026-48285, CVE-2026-48307, CVE-2026-48313, CVE-2026-48314, CVE-2026-48315, CVE-2026-48316", "creation_timestamp": "2026-07-01T13:00:13.031404Z"}, {"uuid": "59867b2f-d3a1-4146-a907-43c5541a8f42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48277", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mpll4ubpnt2q", "content": "\ud83d\udd17 CVE : CVE-2026-48276, CVE-2026-48277, CVE-2026-48281, CVE-2026-48282, CVE-2026-48283, CVE-2026-48285, CVE-2026-48307, CVE-2026-48313, CVE-2026-48314, CVE-2026-48315, CVE-2026-48316", "creation_timestamp": "2026-07-01T13:00:13.085007Z"}, {"uuid": "34d13534-1cb6-44b6-847a-6a9b1434f829", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48277", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpndqa2obu2t", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-48277 \u0432 Adobe ColdFusion: \u0443\u0433\u0440\u043e\u0437\u0430 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/A62F1AD7-81B1-438F-A62E-25F0BBE6EBBF", "creation_timestamp": "2026-07-02T05:53:12.653482Z"}, {"uuid": "119d5ce8-7a75-423a-8de3-df15260baccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48276", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpndzuc4di2o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-48276 \u0432 Adobe ColdFusion: \u0443\u0433\u0440\u043e\u0437\u0430 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432\n\n\n\nhttps://kripta.biz/posts/7D8B364D-9D93-4815-B902-60249CCB78B1", "creation_timestamp": "2026-07-02T05:58:35.783586Z"}, {"uuid": "e29fc72f-cb9f-4edf-bc0f-6f895e02cb19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48276", "type": "seen", "source": "https://bsky.app/profile/cyfar.ca/post/3mpotfgidrq26", "content": "~Watchtowr~\nAdobe ColdFusion APSB26-68 patches 11 CVEs including multiple RCE and arbitrary file read/write via RDS and CKEditor path traversal.\n-\nIOCs: CVE-2026-48282, CVE-2026-48276, CVE-2026-48313\n-\n#CVE #ColdFusion #RCE #ThreatIntel", "creation_timestamp": "2026-07-02T20:06:10.695809Z"}, {"uuid": "d3316c52-a0d0-4e13-9421-d79cfdb21a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48277", "type": "published-proof-of-concept", "source": "https://labs.watchtowr.com/its-37oc-and-all-we-can-think-about-is-coldfusion-adobe-coldfusion-security-bulletin-apsb26-68-cve-bonanza", "content": "", "creation_timestamp": "2026-07-03T04:00:59.390620Z"}, {"uuid": "1c412c4c-3961-4c01-801f-63c8280b44cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48276", "type": "seen", "source": "https://gist.github.com/alon710/5cc09119469b7bc7e37fcd9f59fdfdb0", "content": "# CVE-2026-48276: CVE-2026-48276: Unrestricted File Upload in Adobe ColdFusion\n\n&gt; **CVSS Score:** 10.0\n&gt; **Published:** 2026-06-30\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48276\n\n## Summary\nAdobe ColdFusion versions 2025.9 and 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434). An unauthenticated remote attacker can exploit this flaw to upload malicious ColdFusion Markup Language (CFML) files directly into web-accessible directories. Accessing the uploaded script triggers arbitrary code execution in the security context of the running service account.\n\n## TL;DR\nA critical-severity unrestricted file upload vulnerability in Adobe ColdFusion allows unauthenticated remote attackers to execute arbitrary system commands via crafted web scripts.\n\n## Technical Details\n\n- **CWE ID**: CWE-434\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 10.0 (Critical)\n- **Exploit Status**: No public exploits currently documented\n- **KEV Status**: Not listed in CISA KEV catalog\n- **Impact**: Unauthenticated Remote Code Execution\n\n## Affected Systems\n\n- Adobe ColdFusion 2023\n- Adobe ColdFusion 2025\n\n## Mitigation\n\n- Deploy official security hotfixes from Adobe immediately.\n- Implement strict web-server level execute permission restrictions on all upload directories.\n- Configure the ColdFusion application runtime to execute under a dedicated low-privilege service account.\n\n**Remediation Steps:**\n1. Audit all corporate networks to locate active ColdFusion 2023 and 2025 deployments.\n2. For ColdFusion 2025 instances, apply Update 10 or later.\n3. For ColdFusion 2023 instances, apply Update 21 or later.\n4. Confirm patch application by reviewing the active updates tab in the ColdFusion Administrator console.\n5. Configure web server execution maps to prevent execution of server-side files within writable storage directories.\n\n## References\n\n- [Official Adobe Security Advisory (APSB26-68)](https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html)\n- [CVE-2026-48276 Record on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-48276)\n- [Wiz Vulnerability Database Details](https://www.wiz.io/vulnerability-database/cve/cve-2026-48276)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48276) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T11:51:38.029504Z"}, {"uuid": "2752a419-fdbd-4164-be2d-0be0565818cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48276", "type": "seen", "source": "https://bsky.app/profile/getpacketai.bsky.social/post/3mq2nwossau2r", "content": "Critical zero-day in Adobe ColdFusion allows unauthenticated RCE via file upload. CVSS 10.0. If you're running ColdFusion 2023 or 2025, patch\u2026\n\nhttps://dev.to/cverports/cve-2026-48276-cve-2026-48276-unrestricted-file-upload-in-adobe-coldfusion-4f3d\n\n#cybersecurity #infosec", "creation_timestamp": "2026-07-07T13:00:23.502681Z"}, {"uuid": "bd39159e-7dce-45cf-89e2-df442f75a465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48276", "type": "seen", "source": "https://www.acn.gov.it/portale/w/adobe-aggiornamenti-di-sicurezza-17", "content": "", "creation_timestamp": "2026-07-08T08:45:03.170489Z"}, {"uuid": "7c3d3379-73f5-48a1-84d6-c2a7892deadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48277", "type": "seen", "source": "https://www.acn.gov.it/portale/w/adobe-aggiornamenti-di-sicurezza-17", "content": "", "creation_timestamp": "2026-07-08T08:45:06.111224Z"}]}