INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Adobe Patches ColdFusion Flaws in Campaign Classic

| 2026-07-01 15:25 CRITICAL LOW
Executive Summary AI-generated
The latest incident data reveals a critical vulnerability in Adobe ColdFusion and Campaign Classic, with multiple maximum-severity security flaws impacting these software applications. The vulnerabilities were identified on July 1, 2026, and have been patched by Adobe as of the same date. These exploits include arbitrary code execution, privilege escalation, file system read access, and security feature bypass. Researchers Anirudh Anand, Matan Sandori, and 2Bsecure have discovered and reported these vulnerabilities, which were later fixed in version ACC v7: 7.4.3 build 9396 and earlier for Windows and Linux. The disclosure comes as Adobe shifts from monthly to twice-monthly publication of security bulletins and advisories starting July 14, 2026, due to accelerated vulnerability discovery using advanced techniques.
Technical Mitigations AI-generated
* Implement secure coding practices and input validation mechanisms to prevent arbitrary code execution vulnerabilities. * Regularly update Adobe ColdFusion and Campaign Classic versions to ensure that known security flaws are patched before they can be exploited by attackers. * Use a web application firewall (WAF) or intrusion detection system (IDS) to detect and block low-complexity attacks, such as those targeting vulnerable software like Adobe ColdFusion and Campaign Classic. * Monitor system logs and network traffic for suspicious activity that may indicate an attack is in progress, and take prompt action if necessary.
AI Podcast (EN) detail_available
detail_listen_ai (EN)
Intelligence distributed on:
Incident Link
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Campaign ClassicCampaign Classic CVE-2026-48286CVE-2026-48286 CVE-2026-48282CVE-2026-48282 CVE-2026-48313CVE-2026-48313 CVE-2026-48307CVE-2026-48307 CVE-2026-48283CVE-2026-48283 CVE-2026-48276CVE-2026-48276 CVE-2026-48316CVE-2026-48316 CVE-2026-48277CVE-2026-48277 CVE-2026-48315CVE-2026-48315 CVE-2026-48281CVE-2026-48281 CVE-2026-34621CVE-2026-34621
Target & Sectors
Global Scope
Incident Timeline
‎Jul 01, 2026
Threat actors used Adobe Campaign Classic to exploit an improper input validation vulnerability in ColdFusion.
organisation Adobe
infrastructure Windows
infrastructure Linux
infrastructure 7.4.3
organisation Adobe Campaign Classic
organisation ACC
organisation CVSS
organisation Anirudh Anand
organisation Matan Sandori
organisation CVE-2026-48282
organisation CVE-2026
organisation Adobe Campaign
‎2026/07/01
Adobe released security patches for multiple maximum-severity vulnerabilities in Adobe ColdFusion and Adobe Campaign Classic.
organisation Adobe
organisation ColdFusion
infrastructure 7.4.3
infrastructure 2025.9
infrastructure 2023.20
organisation CVE-2026
organisation Adobe Campaign
organisation CSO
organisation EDR
‎July 14, 2026
Threat actors used Adobe's AI-powered vulnerability discovery tools to identify and exploit previously unknown flaws in ColdFusion and Campaign Classic.
organisation Adobe Security Bulletins
organisation Adobe's
Tactical Metrics
Metrics
infrastructure
‎Windows
Affected Product
Metrics
infrastructure
‎Linux
Affected Product
Metrics
infrastructure
‎7.4.3
Software Version
Metrics
infrastructure
‎2025.9
Software Version
Metrics
infrastructure
‎2023.20
Software Version
Intelligence Sources
BleepingComputer 2026-07-01