A critical vulnerability in Adobe ColdFusion, tracked as CVE-2026-48282, is now being actively exploited in the wild, according to SecurityWeek. The flaw received the highest possible CVSS severity rating of 10 out of 10, underscoring its potential for complete system compromise.

The vulnerability was patched by Adobe in a recent security update, but attackers are moving quickly to target unpatched instances. The severity score reflects the ease of exploitation and the broad impact on confidentiality, integrity, and availability of affected systems.

Technical specifics regarding the attack vector have not been fully disclosed, but the CVSS rating suggests remote code execution without authentication is likely. Security teams should monitor for indicators of compromise associated with ColdFusion server anomalies.

Organizations running Adobe ColdFusion are urged to apply the latest security patches immediately if they have not already done so. No workarounds have been published, making patching the only reliable mitigation.

The identity of the threat actors and the scale of ongoing attacks remain unclear, but the exploitation of a maximum-severity vulnerability typically signals widespread scanning and potential ransomware deployment.