Loading
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.
Use CWE-502, Adobe vendor hub and Coldfusion product page to widen CVE-2017-3066 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-27304, CVE-2026-27305 and CVE-2026-27306 for nearby disclosures in the same product family.