CVE-2026-27307 LOW

CVE-2026-27307: ColdFusion | Uncontrolled Resource Consumption (CWE-400)

Vendor Adobe
Product ColdFusion
Weakness CWE-400
Published April 14, 2026
Last update April 15, 2026
View on NVD All CVEs

CVSS base score

2.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
April 15, 2026 Record updated