Based on proof of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security flaw affecting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) list.
The major weakness in question is CVE-2023-26360 (CVSS rating: 8.6), which a threat actor might use to execute arbitrary code. According to CISA, Adobe ColdFusion has an inappropriate access control vulnerability that permits remote code execution.