Multiple cybersecurity outlets report that threat actors are exploiting a maximum-severity Adobe ColdFusion vulnerability identified as CVE-2026-48282. The flaw is described as having a CVSS score of 10.0 (10/10) and is among the highest-severity issues addressed in Adobe’s June 30, 2026 security updates for ColdFusion.

According to reporting from vulnerability intelligence sources, exploitation attempts are observed shortly after public technical details emerge. Help Net Security and Bleeping Computer cite KEVIntel telemetry, including detections from honeypot sensors. The activity is reported on July 2, shortly after watchTowr researchers publish a technical analysis covering CVE-2026-48282 and other recently fixed ColdFusion vulnerabilities.

SecurityWeek also states that the newly patched critical ColdFusion issue is being exploited in attacks in the wild. Infosecurity Magazine similarly notes active exploitation of the CVSS 10.0 ColdFusion flaw. Across sources, the main shared points are the vulnerability identifier, its critical severity, its patch date in Adobe’s June 30 release, and early signs of exploitation detected days later.