Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

23-Aug-23

Citing active exploitation, CISA has added CVE-2023-26359, a vulnerability with a CVSS score of 9.8, to its Known Exploited Vulnerabilities catalog. The flaw affects Adobe ColdFusion 2018 and Adobe ColdFusion 2021 and can lead to arbitrary code execution.



Serialization converts an object into a data format, such as JSON or XML, from which it can later be reconstituted. Deserialization is the reverse: it rebuilds an object from data that has been structured in such a format. Deserializing data without validating that it comes from a trusted source can result in code execution or denial of service.
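The validation step described above, as an added example that is not from the original article and is not ColdFusion code: it uses Python's `pickle` as a stand-in for a native serialization format and refuses to resolve any class that is not on an allowlist, with a size cap applied before parsing. The names `RestrictedUnpickler`, `safe_loads` and `demo`, the empty allowlist and the 64 KiB limit are assumptions of this example.

```python
import io
import json
import pickle
from datetime import date

# Assumption for this example: the application expects only plain containers
# and scalars, so no class lookups are permitted during deserialization.
ALLOWED_GLOBALS = set()  # e.g. {("collections", "OrderedDict")} if required


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any class not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")


def safe_loads(blob: bytes, max_bytes: int = 64 * 1024):
    """Deserialize untrusted bytes with a size cap and a class allowlist."""
    if len(blob) > max_bytes:  # bound resource use before any parsing
        raise ValueError("payload too large")
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo():
    # Constructed sample inputs: one plain-data payload, one carrying a type.
    plain = pickle.dumps({"user": "alice", "roles": ["reader"]})
    typed = pickle.dumps({"expires": date(2023, 8, 23)})

    results = {"plain": safe_loads(plain)}
    try:
        safe_loads(typed)
        results["typed"] = "accepted"
    except pickle.UnpicklingError as exc:
        results["typed"] = str(exc)
    # A data-only format such as JSON never instantiates arbitrary types.
    results["json"] = json.loads('{"user": "alice", "roles": ["reader"]}')
    return results


if __name__ == "__main__":
    print(demo())
```

The allowlist narrows what a payload can instantiate; it does not make an untrusted stream trustworthy, so a data-only format remains the safer choice where it is an option.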
