Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
                
            Metrics
Affected Vendors & Products
References
        History
                    Wed, 22 Oct 2025 00:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Tue, 21 Oct 2025 20:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Tue, 21 Oct 2025 19:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Wed, 05 Feb 2025 14:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | kev 
 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: adobe
Published: 2023-03-23T00:00:00.000Z
Updated: 2025-10-21T23:15:22.129Z
Reserved: 2023-02-22T00:00:00.000Z
Link: CVE-2023-26359
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-08-02T11:46:24.561Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2023-03-23T20:15:15.167
Modified: 2025-10-23T11:12:54.057
Link: CVE-2023-26359
 Redhat
                        Redhat
                    No data.