Overview
Adobe has released security updates addressing multiple critical vulnerabilities in ColdFusion. Successful exploitation could allow an attacker to execute arbitrary code, read files from the affected systems, bypass security features, or escalate privileges. Adobe has stated that it is not aware of any exploitation in the wild, however, due to the critical severity and potential impact, affected users should apply the relevant updates as soon as possible.
- CVE-2026-48276: Unrestricted Upload of File with Dangerous Type Vulnerability (CVSSv3 10.0)
- CVE-2026-48277: Improper Input Validation Vulnerability (CVSSv3 10.0)
- CVE-2026-48281: Improper Input Validation Vulnerability (CVSSv3 10.0)
- CVE-2026-48282: Path Traversal Vulnerability (CVSSv3 10.0)
- CVE-2026-48283: Unrestricted Upload of File with Dangerous Type Vulnerability (CVSSv3 10.0)
- CVE-2026-48307: Cross-site Scripting (XSS) Vulnerability (CVSSv3 8.8)
- CVE-2026-48313: Path Traversal Vulnerability (CVSSv3 9.3)
- CVE-2026-48315: Improper Input Validation Vulnerability (CVSSv3 9.3)
- CVE-2026-48316: Improper Input Validation Vulnerability (CVSSv3 10.0)
Affected Versions: Adobe ColdFusion versions 2025.9, 2023.20 and earlier
Citrix has released a security advisory addressing multiple vulnerabilities found in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Successful exploitation could allow an attacker to access sensitive files, cause denial of service, or trigger unexpected behaviour on affected systems.
- CVE-2026-8451: Insufficient Input Validation Vulnerability (CVSSv4 8.8)
- CVE-2026-8452: Memory Overflow Vulnerability (CVSSv4 8.8)
- CVE-2026-8655: Multiple Memory Overflow Vulnerabilities (CVSSv4 8.8)
- CVE-2026-10816: Unauthenticated Arbitrary File Read Vulnerability (CVSSv4 7.1)
- CVE-2026-10817: Insufficient Input Validation Vulnerability (CVSSv4 6.9)
- CVE-2026-13474: Denial of Service Vulnerability (CVSSv4 8.7)
Affected Versions:
-
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-72.61
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-63.18
- NetScaler ADC FIPS before 14.1-72.61 FIPS
- NetScaler ADC FIPS and NDcPP before 13.1-37.272
Cursor has released security updates addressing two critical severity vulnerabilities known as “DuneSlide” in Cursor ID. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution (RCE) through zero-click prompt injection. A benign prompt that processes attacker-controlled material is all that is required for exploitation; direct user interaction is not required.
- CVE-2026-50548: Cursor Desktop Sandbox Escape Vulnerability (CVSSv4 9.3)
- CVE-2026-50549: Cursor Desktop Sandbox Escape Vulnerability (CVSSv4 9.3)
Affected Versions: < 3.0
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Adobe – Adobe Security Bulletin
Citrix – CITRIX | Support
Cursor – Security Advisories · cursor/cursor · GitHub
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.