How to patch Adobe ColdFusion

Q: How do I check which version of ColdFusion I am running?

Use: CF Administrator → System Information (shows version & update level) (ColdFusion Administrator). Record the result before and after patching to confirm the update applied.

Adobe · Actively exploited · 5 steps · ColdFusion security status → · updated June 2026

Adobe releases ColdFusion security fixes as numbered updates. Apply the matching update, restart the service, and apply the ColdFusion lockdown guidance — this product is repeatedly exploited.

actively exploited (KEV)

215

tracked CVEs

—

latest supported

ColdFusion has 16 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent.

Check your current version first

Before you patch, record what you're running (ColdFusion Administrator):

CF Administrator → System Information (shows version & update level)

Or paste your version into the checker for an instant verdict.

Step by step

Check version & update level

Open the ColdFusion Administrator → System Information and record the version and current update number.

Get the matching update

Find the security update for your version in the relevant Adobe Security Bulletin (APSB).

Back up and stop the service

Back up the install, then stop the ColdFusion application service.

Apply the update

Install via CF Administrator → Server Updates → Updates, or run the update package, then restart the service.

Lock down & verify

Apply the Adobe ColdFusion lockdown guide (restrict admin, remove samples) and confirm the new update level in System Information.

Watch out for:

ColdFusion is a recurring exploitation target — apply updates fast and never expose the CF Administrator to the internet.
Follow the official lockdown guide; default installs are an attack magnet.

Official sources

Advisory: Adobe ColdFusion Security Bulletins ↗
Download: ColdFusion release notes / updates ↗

Don't patch blind. ColdFusion has 16 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent. See exactly which versions are safe and what you're exposed to.

ColdFusion security status →

Stay ahead of the next one

ColdFusion security status & health score — score, open CVEs and safe version.
ColdFusion vulnerabilities — the full CVE list and what's exploited.
Monitor ColdFusion — get an email alert the moment a new exploited vulnerability lands.

Frequently asked questions

What is the latest version of ColdFusion?

Check the current supported ColdFusion release on its product page or the official vendor advisory, then patch to it.

How do I check which version of ColdFusion I am running?

Use: CF Administrator → System Information (shows version & update level) (ColdFusion Administrator). Record the result before and after patching to confirm the update applied.

Is ColdFusion being actively exploited right now?

Yes — 16 ColdFusion vulnerabilities are on the CISA Known Exploited Vulnerabilities (KEV) list, so attackers are using them in the wild. Patch promptly. See the exploitation radar.

How do I patch ColdFusion safely without breaking production?

Always test in a non-production environment first, take a backup or snapshot, follow the official vendor advisory, and have a tested rollback. Patch one node at a time for clustered or high-availability setups.

Patch steps are general, well-established guidance for ColdFusion — always test in a non-production environment first and follow the official Adobe advisory for your exact version. IsItPatched is independent and not affiliated with Adobe; this is not a substitute for vendor documentation. See our disclaimer.

← All patching guides · Security guides →