Loading
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction.
Use CWE-22, Adobe vendor hub and Coldfusion product page to widen CVE-2026-27305 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-27304, CVE-2026-27306 and CVE-2026-34619 for nearby disclosures in the same product family.