EIP-2026-118237
PRE-CVEAdobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-118237. PoCs published by Amel BOUZIANE-LEBLOND.
AI-analyzed exploit summary This exploit leverages LDAP Java object deserialization in Adobe ColdFusion 11 to achieve remote code execution via a rogue JNDI server. The attack involves sending a crafted request to the 'utils.cfc' endpoint with malicious LDAP server details.
Description
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
Exploits (1)
exploitdb
WORKING POC
by Amel BOUZIANE-LEBLOND · textremotewindows
https://www.exploit-db.com/exploits/50781
This exploit leverages LDAP Java object deserialization in Adobe ColdFusion 11 to achieve remote code execution via a rogue JNDI server. The attack involves sending a crafted request to the 'utils.cfc' endpoint with malicious LDAP server details.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
Adobe ColdFusion 11.0.03.292866
No auth needed
Prerequisites:
Access to a vulnerable Adobe ColdFusion 11 instance · Rogue JNDI server setup
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026