### [CVE-2023-26359](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26359)
![](https://img.shields.io/static/v1?label=Product&message=ColdFusion&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%20CF2018U15%2C%20CF2021U5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Deserialization%20of%20Untrusted%20Data%20(CWE-502)&color=brighgreen)

### Description

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit
- https://github.com/netlas-io/netlas-cookbook
- https://github.com/netlas-io/netlas-dorks