ZDI 2026-04-15

ZDI-26-263: Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability

CVE-2026-27282

Machine-generated analysis · WAYSCloud LLM

The vulnerability allows authentication bypass without requiring authentication to exploit. The ZDI has assigned a CVSS rating of 6.5.

Context

Adobe ColdFusion is affected by an authentication bypass vulnerability in the subscribeToEndpoints component. The source states that remote attackers can bypass authentication without requiring authentication to exploit. The advisory does not provide details on affected versions or patch availability.

Operator considerations

The source does not provide enough basis for specific operator guidance.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-27282.

Read the full advisory on ZDI →