https://www.bleepingcomputer.com/news/security/cisa-warns-of-adobe-coldfusion-bug-exploited-as-a-zero-day/

CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild.

This critical arbitrary code execution flaw (CVE-2023-26360) is due to an Improper Access Control weakness, and it can be abused remotely by unauthenticated attackers in low-complexity attacks that don't require user interaction.