EIP-2026-103976

PRE-CVE

Macromedia ColdFusion MX 6.1 - Template Handling Privilege Escalation

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103976. PoCs published by Eric Lackey.

AI-analyzed exploit summary This ColdFusion exploit leverages a privilege escalation vulnerability by dynamically compiling a Java class that extends the SecurityManager to disable administrative security checks. It then retrieves the administrator password, demonstrating unauthorized access to sensitive configuration files.

Description

Macromedia ColdFusion MX 6.1 - Template Handling Privilege Escalation

Exploits (1)

exploitdb WORKING POC VERIFIED
by Eric Lackey · textremotemultiple
https://www.exploit-db.com/exploits/24654

This ColdFusion exploit leverages a privilege escalation vulnerability by dynamically compiling a Java class that extends the SecurityManager to disable administrative security checks. It then retrieves the administrator password, demonstrating unauthorized access to sensitive configuration files.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Macromedia ColdFusion MX
No auth needed
Prerequisites: Access to a ColdFusion server with template execution privileges · Java runtime environment available in the ColdFusion context
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026