Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) - Vulnerability Database

ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)

Description

Due to a vulnerability in ColdFusion components(.cfc) metadata handling, an unauthenticated attacker can execute arbitrary code or read files on the server

Remediation

Upgrade to the latest version of Adobe ColdFusion

References

Security updates available for Adobe ColdFusion | APSB23-25
CVE-2023-26359

Related Vulnerabilities

Invision Power Board version 3.3.4 unserialize PHP code execution High
Common tags: Insecure Deserialization Code Execution Known Vulnerabilities Missing Update
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) High
Common tags: Insecure Deserialization Code Execution Known Vulnerabilities
SAP Hybris Deserialization RCE High
Common tags: Insecure Deserialization Code Execution Known Vulnerabilities
Ruby on Rails DoubleTap RCE (CVE-2019-5420) High
Common tags: Insecure Deserialization Code Execution Known Vulnerabilities
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218) Critical
Common tags: Insecure Deserialization Code Execution Known Vulnerabilities

Severity

High

Classification

CVE-2023-26359
CVE-2023-26360
CWE-502
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization
Code Execution
Known Vulnerabilities
Missing Update