Adobe has released an urgent update for a critical vulnerability in ColdFusion 2018, 2016 and 11. These updates have been given the highest priority rating and should be installed as soon as possible.

According to Adobe, “This attack requires the ability to upload executable code to a web-accessible directory, and then execute that code via an HTTP request. Restricting requests to directories where uploaded files are stored will mitigate this attack.”

You can read more about this security update from Adobe’s Security Bulletin. There are additional security configuration settings outlined on the ColdFusion Security page.

We recommend that you update your version of ColdFusion as soon as possible. Please let us know if there’s anything we can do to help!