The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.
The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6.
At the time, CISA published a notice about threat actors exploiting the flaw and urged federal organizations and state services to apply the available security updates.
In an alert today, America’s Cyber Defense Agency warns that CVE-2023-26360 is still leveraged in attacks,…
Source link