CISA has added a vulnerability — cataloged as CVE-2023-26359 — to the Known Exploited Vulnerabilities Catalog with a CVSS score of 9.8 due to active exploitation. The vulnerability is a deserialization flaw affecting Adobe ColdFusion 2018 (Update 15 and earlier) and Adobe ColdFusion 2021 (Update 5 and earlier) and has the potential to result in arbitrary code execution.
Source: Dark Reading: Cloud