ColdFusion Path Traversal Poses High Risk

/HIGH
SCW vulnerabilitycvehigh-severitypath-traversalcwe-22
ColdFusion Path Traversal Poses High Risk

The National Vulnerability Database (NVD) has flagged CVE-2026-34619, a critical path traversal vulnerability impacting Adobe ColdFusion versions 2023.18, 2025.6, and earlier. This flaw, categorized under CWE-22, allows an attacker to bypass security features and access unauthorized files or directories outside of intended restrictions.

According to the NVD, the exploit does not require user interaction, which significantly lowers the bar for adversaries. With a CVSS score of 7.7 (HIGH), this vulnerability presents a substantial risk, potentially leading to a security feature bypass and unauthorized data access, though the NVD indicates no direct impact on confidentiality or integrity, but a high impact on availability.

Path traversal vulnerabilities are a classic vector, but they remain effective because they often catch organizations off-guard, especially in legacy systems or misconfigured environments. The ability to navigate file systems beyond intended roots can be a precursor to more severe attacks, including data exfiltration or arbitrary code execution if chained with other weaknesses.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1083 File and Directory Discovery Discovery T1566.002 Phishing: Spearphishing Attachment Initial Access

🛡️ Detection Rules

5 rules · 5 SIEM formats

5 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.

high T1190 Initial Access

Web Application Exploitation Attempt — CVE-2026-34619

Sigma Splunk SPL Sentinel KQL Elastic QRadar AQL

Get this rule in your SIEM's native format — copy, paste, detect. No manual conversion.

5 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.

Get Detection Rules →

Indicators of Compromise

IDTypeIndicator
CVE-2026-34619 Path Traversal ColdFusion versions 2023.18 and earlier
CVE-2026-34619 Path Traversal ColdFusion versions 2025.6 and earlier
CVE-2026-34619 Security feature bypass Improper Limitation of a Pathname to a Restricted Directory

By Shimi's Cyber World Editorial

Related Posts

Critical RCE Flaw Hits NuGet Gallery Backend

CVE-2026-39399 — NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-20cwe-22
/CRITICAL /⚑ 4 IOCs

BoidCMS LFI to RCE: A Critical Template Flaw

CVE-2026-39387 — BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are...

vulnerabilityCVEhigh-severityremote-code-executioncwe-98
/HIGH /⚑ 4 IOCs

Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk

CVE-2026-35589 — nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server...

vulnerabilityCVEhigh-severitycwe-1385
/HIGH /⚑ 5 IOCs