{"id":81943,"date":"2026-07-14T00:46:48","date_gmt":"2026-07-13T21:16:48","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-48364-coldfusion-uncontrolled-search-path-element-cwe-427\/"},"modified":"2026-07-14T00:46:48","modified_gmt":"2026-07-13T21:16:48","slug":"cve-2026-48364-coldfusion-uncontrolled-search-path-element-cwe-427","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-48364-coldfusion-uncontrolled-search-path-element-cwe-427\/","title":{"rendered":"CVE-2026-48364 &#8211; ColdFusion | Uncontrolled Search Path Element (CWE-427)"},"content":{"rendered":"<p>CVE ID :CVE-2026-48364<\/p>\n<p>  Published : July 13, 2026, 9:16 p.m. | 13\u00a0minutes ago<\/p>\n<p>  Description :ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.<\/p>\n<p>  Severity: 8.2 | HIGH<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-48364 Published : July 13, 2026, 9:16 p.m. | 13\u00a0minutes ago Description :ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-81943","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81943","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=81943"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81943\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=81943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=81943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=81943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}