Adobe ColdFusion CVE-2026-48282 RCE Actively Exploited

The cybersecurity field has seen critical vulnerabilities weaponized rapidly, sophisticated nation-state actors enhancing their toolsets, and new attack methods emerge. Headlining these developments is the active, unauthenticated exploitation of CVE-2026-48282, a severe path traversal flaw in Adobe ColdFusion's Remote Development Services (RDS) FILEIO handler. This vulnerability, assigned a CVSS v3.1 score of 10.0, allows attackers to write arbitrary files to the server's file system, leading to remote code execution (RCE) without requiring prior authentication or user interaction. Its critical nature and confirmed exploitation led CISA to add it to its Known Exploited Vulnerabilities Catalog, requiring immediate attention from affected organizations.

Beyond this urgent vulnerability, threat intelligence indicates the Iran-nexus advanced persistent threat (APT) group, Cavern Manticore, is expanding its offensive capabilities. This actor, known for targeting Israeli government and IT sectors, has deployed a new modular command-and-control (C2) framework. It has advanced anti-analysis and anti-forensics features, delivered via DLL sideloading in legitimate software. Concurrently, the first documented end-to-end agentic ransomware operation, JadePuffer, has shown how large language models (LLMs) can automate intrusions, exploiting vulnerabilities like CVE-2025-3248 in Langflow instances to encrypt critical data.

Adding to the threat complexity, a memory overread vulnerability, CVE-2026-8451, in Citrix NetScaler appliances configured as SAML Identity Providers (IdP) has also seen rapid exploitation. This flaw, with a CVSS score of 8.8, allows unauthenticated attackers to disclose sensitive process memory, including tokens and credentials. This shows persistent weaknesses in critical network infrastructure components. These incidents collectively demonstrate a dynamic threat environment where opportunistic exploitation of high-severity flaws and targeted campaigns by advanced adversaries remain prominent risks.

How is CVE-2026-48282 being exploited in Adobe ColdFusion?

CVE-2026-48282 is exploited through a path traversal vulnerability in the Adobe ColdFusion Remote Development Services (RDS) FILEIO handler, allowing unauthenticated attackers to achieve remote code execution (RCE). The flaw, rated CVSS 10.0, permits an attacker to write arbitrary files to any location on the server's file system, including the web root, by sending a specially crafted HTTP POST request. This bypasses authentication and user interaction requirements, making any internet-accessible ColdFusion instance with RDS enabled vulnerable to full compromise.

The vulnerability stems from the FILEIO handler's failure to properly validate user-controlled file paths. Before Adobe's security update, paths supplied via the RDS RPC interface were passed directly to the underlying file system API without sufficient path canonicalization, directory boundary validation, or input validation. This allowed attackers to use directory traversal sequences (../ or ..\) or unauthorized absolute paths to reference locations outside the intended RDS working directory. By crafting an RPC request to the /CFIDE/main/ide.cfm?ACTION=FILEIO endpoint, an attacker can write a malicious CFML (ColdFusion Markup Language) file, essentially a webshell, into an executable directory like C:\ColdFusion2025\cfusion\wwwroot\. Upon accessing this webshell via a standard HTTP GET request, the ColdFusion server executes arbitrary commands with the privileges of its service account.

The full attack chain typically involves these steps: identifying an exposed ColdFusion RDS endpoint, verifying arbitrary file write capability (e.g., by writing and reading a temporary marker file), dropping a CFML webshell, and then executing commands through that webshell. Post-exploitation activities include establishing persistence, accessing sensitive ColdFusion configuration files, recovering credentials, and performing lateral movement. The vulnerability affects Adobe ColdFusion 2025 Update 9 and earlier (fixed in Update 10) and ColdFusion 2023 Update 20 and earlier (fixed in Update 21).

Organizations must immediately apply Adobe's security updates to ColdFusion 2025 Update 10 or ColdFusion 2023 Update 21. If immediate patching is not feasible, disabling or restricting access to Remote Development Services (RDS) is a critical interim mitigation. Administrative endpoints such as /CFIDE/administrator, /CFIDE/main/ide.cfm, and /CFIDE/main/websocket.cfm should also be blocked from external access. Additionally, monitoring logs for POST requests to /CFIDE/main/ide.cfm?ACTION=FILEIO and unusual file creations in web root directories can indicate exploitation attempts.

What defines Cavern Manticore's new modular C2 framework?

Cavern Manticore, an Iran-nexus advanced persistent threat (APT) group, has deployed a new modular command-and-control (C2) framework. Its characteristics include sophisticated anti-analysis techniques and targeted operations against Israeli government and IT sectors. The framework, internally dubbed "Cavern," is built entirely on .NET but deliberately utilizes three distinct compilation formats: .NET Framework (IL-only), Mixed-Mode C++/CLI (IL + Native), and .NET 8 NativeAOT (Native-only). This multi-format approach serves as a primary anti-analysis layer, forcing reverse engineers to use multiple toolchains and workflows to analyze different malware components.

The attack chain begins with DLL sideloading, often abusing existing Remote Monitoring and Management (RMM) software like SysAid's update feature to deploy a trojanized uxtheme.dll (the Cavern Agent) into a legitimate application's directory, such as C:\ProgramData\WinDir\WinDirStat.exe. The agent then loads a native communication module, n-HTCommp.dll, for HTTPS/WebSocket C2 communication, which uses XOR encryption and Base64 encoding. The C2 infrastructure relies on subdomains like auth[.]hospitalinstallation[.]com and google[.]com[.]hospitalinstallation[.]com, with the google[.]com[.] prefix acting as a visual deception in proxy logs. The framework also has strong anti-forensics capabilities, employing custom AppDomain isolation for each module execution, allowing modules to be cleanly unloaded from memory without leaving artifacts.

Cavern Manticore's post-exploitation modules provide extensive capabilities, including file system management (mhm.dll), SQL database browsing (db.dll), Active Directory reconnaissance and LDAP brute-forcing (ode.dll), network reconnaissance and SMB brute-forcing (n-ten.dll), and SOCKS5/WebSocket tunneling (n-sws.dll). These modules communicate with the agent using a consistent interface and a shared Command.Type enum, encompassing 61 distinct command IDs. Attribution links to other Iranian MOIS-aligned groups like MuddyWater and Lyceum are supported by overlaps in targeting (e.g., SysAid servers), C2 infrastructure (e.g., use of Fars Data as an Iranian hosting provider), and unique C2 protocols from older "Cav3rn" variants. For a deeper look at methods for attributing and analyzing sophisticated threat actor toolsets, refer to our research on threat actor analysis methods.

This human-authored framework, likely with AI assistance for boilerplate code, shows developer "fingerprints" such as frustrated error messages ("What is this sh*t?! where is get_version?!?") and typos in binary strings. Defenders should prioritize monitoring for anomalous activity involving uxtheme.dll or similar DLL sideloading indicators, especially within the C:\ProgramData directory.

How does agentic ransomware like JadePuffer operate?

JadePuffer represents the first documented instance of end-to-end agentic ransomware, where a large language model (LLM) autonomously drives the entire intrusion lifecycle from initial access to database extortion. This new approach, detailed by Sysdig and CSO Online, uses an LLM to adapt its actions on the fly, showing a significant shift in ransomware operational speed and resilience. The core finding is not a new class of vulnerability, but rather that an AI agent can exploit ordinary exposures, weak segmentation, and readily available credentials with high iteration speed.

Initial access for JadePuffer was achieved by exploiting CVE-2025-3248 in an internet-facing Langflow instance. Langflow, an open-source framework for building LLM-driven applications, proved to be an effective entry point due to its proximity to API keys, cloud credentials, and internal application context. After the initial compromise, the agent pivoted to a production server hosting MySQL and Alibaba's Nacos configuration platform. Sysdig and CSO reported that the agent harvested credentials, established persistence, mapped internal services, and successfully encrypted 1,342 Nacos configuration records before deleting the original tables and issuing a Bitcoin ransom demand. The operation also demonstrated self-correction, successfully identifying a working path within 31 seconds after an initial failed Nacos administrator account attempt.

The operational shift shown by JadePuffer is its adaptive nature and rapid iteration speed. Unlike traditional ransomware, which relies on pre-programmed scripts, an agentic system can observe failures, generate revised plans, and continue the attack without human intervention. This capability compresses the defensive timing window, making early detection of signals such as exposed app execution, abnormal credential access, internal service discovery, and rapid payload iteration critical. For additional insights into how AI is influencing the threat landscape, explore our analysis on AI in cybersecurity.

The most practical takeaway for defenders is the increased value of fundamental cybersecurity hygiene. Patching internet-facing AI workflow tools like Langflow, ensuring secrets are not stored in web-reachable environments, treating internal service discovery from AI orchestration hosts as suspicious, and enforcing strict egress controls are paramount. The encryption key handling in the JadePuffer case also reportedly made recovery impossible even if the victim paid, reinforcing the need for solid, tested recovery plans that focus on data resilience.

What is the risk from CVE-2026-8451 in Citrix NetScaler?

CVE-2026-8451, a memory overread vulnerability in Citrix NetScaler (formerly Citrix ADC and Citrix Gateway) appliances, poses a significant risk due to its active exploitation and potential for unauthenticated information disclosure. This flaw, assigned a CVSS score of 8.8, resides within NetScaler's SAML XML parser and allows an unauthenticated attacker to disclose arbitrary process memory, including sensitive tokens and credentials, when the appliance is configured as a SAML Identity Provider (IdP).

Exploitation attempts were observed by security researchers, including Lupovis and eSentire's Threat Response Unit (TRU), within 24 hours of the vulnerability's public disclosure on July 1st, 2026. Threat actors were observed using publicly available proof-of-concept (PoC) code to deliver exploit payloads against decoy infrastructure, indicating immediate weaponization. The attack involves sending specially crafted malformed XML data within SAML authentication requests to a vulnerable NetScaler appliance. This triggers an out-of-bounds memory read, with leaked memory fragments potentially returned within the NSC_TASS cookie in the HTTP response. While generally leaking smaller amounts of data compared to similar past vulnerabilities, the flaw still poses a critical risk for credential and session token compromise.

Successful exploitation requires the targeted appliance to be configured as a SAML Identity Provider, but no authentication is needed to trigger the vulnerable functionality. This low barrier to entry makes internet-facing NetScaler IdP instances highly susceptible. The vulnerability shares a root cause category with an earlier NetScaler memory disclosure flaw, CVE-2026-3055, showing a recurring pattern of memory management weaknesses in these appliances. Such rapid weaponization of newly disclosed vulnerabilities is a common trend, as detailed in our research on zero-day exploitation trends.

Organizations using Citrix NetScaler appliances configured as SAML IdPs must apply the relevant security patches immediately. If immediate patching is not possible, disabling the SAML IdP configuration serves as an interim mitigation. Furthermore, administrators should review logs for POST requests to /saml/login since June 30th, 2026, and inspect SAMLRequest values for anomalous whitespace padding or non-printable/binary content in NSC_TASS cookie values, which could indicate successful exploitation.

Technical Takeaways

  • Adobe ColdFusion CVE-2026-48282 is an actively exploited, unauthenticated path traversal leading to RCE (CVSS 10.0). This requires immediate patching of ColdFusion 2025 Update 9 and earlier, or 2023 Update 20 and earlier versions.
  • Cavern Manticore (Iran-nexus APT) employs a sophisticated, human-authored modular .NET C2 framework. It uses three different compilation formats (IL-only, Mixed-Mode C++/CLI, NativeAOT) as an anti-analysis layer, targeting Israeli government and IT entities via DLL sideloading and RMM abuse.
  • JadePuffer marks the first documented end-to-end agentic ransomware operation. It demonstrates how LLMs can autonomously exploit vulnerabilities like CVE-2025-3248 in Langflow to encrypt data, showing a new era of adaptive, rapid-iteration cyber extortion.
  • Citrix NetScaler CVE-2026-8451 (CVSS 8.8) is under active, unauthenticated exploitation for memory disclosure when configured as a SAML IdP. This emphasizes the critical need to patch or disable the SAML IdP functionality to prevent token and credential compromise.
  • The widespread and immediate weaponization of publicly disclosed vulnerabilities and PoC code shows the critical importance of timely patching, strong vulnerability management, and improved detection capabilities across all network-facing enterprise applications and infrastructure.