Adobe ColdFusion Zero-Day Exploited: Patch or Assume Breach
Today's cybersecurity digest — CVEs, headline news, quantum computing, and something weird. July 09, 2026
cybr.cx Daily Digest — July 09, 2026
Critical Vulnerabilities
⚠️ Actively exploited — CVE-2026-48282 | Adobe ColdFusion | No CVSS in KEV data
A path traversal vulnerability in Adobe ColdFusion is being actively exploited right now, enabling arbitrary code execution under the current user's context. ColdFusion installs exposed to the internet should be treated as compromised until patched. CISA's remediation deadline was July 10 — if you haven't acted, you're already overdue.
⚠️ Actively exploited — CVE-2026-45659 | Microsoft SharePoint Server | No CVSS in KEV data
Deserialization of untrusted data in SharePoint Server allows an authorized attacker to execute code remotely. This class of vulnerability is a perennial favourite for ransomware initial access; any SharePoint instance reachable from the internet warrants immediate attention. CISA's due date passed July 4 — escalate now.
⚠️ Actively exploited — CVE-2026-48908 | JoomShaper SP Page Builder (Joomla) | No CVSS in KEV data
Unauthenticated arbitrary file upload in the SP Page Builder component allows direct PHP webshell deployment. No authentication required makes this trivially exploitable at scale. If you run Joomla with this plugin, assume exposure and check your filesystem for unexpected PHP files.
⚠️ Actively exploited — CVE-2026-56290 | Joomlack Page Builder | No CVSS in KEV data
A second Joomla page builder component is under active exploitation via an improper access control flaw permitting unauthenticated arbitrary file upload leading to RCE. The simultaneous exploitation of two Joomla builder plugins suggests a coordinated campaign targeting the CMS ecosystem — audit all third-party Joomla extensions immediately.
⚠️ Actively exploited — CVE-2026-55255 | Langflow | No CVSS in KEV data
An authorization bypass in Langflow allows any authenticated user to execute flows belonging to other users simply by substituting a victim's flow ID in the request. In multi-tenant or shared Langflow deployments this is a critical data exposure and lateral movement risk. Given Langflow's growing adoption in agentic AI pipelines, blast radius here can extend well beyond the application itself.
CVE-2026-59257 | n8n (before 1.123.61 / 2.27.4 / 2.28.1) | CVSS 8.8
A SQL injection vulnerability in n8n's legacy MySQL v1 node directly interpolates {{ ... }} expression values into raw SQL without parameterization. Any workflow using expression-sourced inputs tied to an externally reachable trigger is exploitable by an attacker who can influence those inputs. Update to the patched versions immediately and audit workflows using the legacy MySQL node.
CVE-2026-29009 | U-Boot (through 2026.04-rc3) | CVSS 8.2
A buffer overflow in nfs_readlink_reply() allows a malicious NFS server to overflow a 2048-byte path buffer by chaining multiple relative symlink responses without cumulative length validation. This is particularly relevant for embedded and IoT devices that network-boot via NFS. If you can't patch, disabling CONFIG_CMD_NFS at build time eliminates the attack surface.
CVE-2026-59802 | PasswordPusher (before 2.8.1) | CVSS 8.2
Insufficient URL validation allows attackers to push data:text/html URIs that execute arbitrary JavaScript in victims' browsers under the trusted PasswordPusher domain. This is a particularly nasty phishing vector — users are conditioned to trust links from a secrets-sharing service. Upgrade to 2.8.1 and consider blocking data URI schemes at your proxy layer.
CVE-2026-44454 | Coder (before 2.29.7 / 2.30.2) | CVSS 8.1
Unsanitized user input passed to shell commands via the dotfiles registry module allows arbitrary code execution inside provisioned workspaces. An attacker supplying a crafted dotfiles_uri containing shell command substitution (e.g. $(...)) can escape intended sandbox boundaries. Dev environment platforms are high-value targets — patch and validate all user-supplied URI inputs.
CVE-2026-59806 | Gradio (before 6.20.0) | CVSS 7.4
An open redirect and client-side SSRF in Gradio's file_fetch() function allows unvalidated HTTP/HTTPS URLs to reach internal endpoints, including cloud metadata services. Attackers can craft malicious FileData responses to exfiltrate IAM credentials or pivot internally. Any Gradio deployment on cloud infrastructure with a metadata endpoint should treat this as high priority.
Headline News
GitHub's AI Agent Coaxed Into Leaking Private Repository Contents
Researchers have demonstrated a prompt injection attack against GitHub's AI coding agent that causes it to exfiltrate content from private repositories. The attack, dubbed "GitLost," exploits the agent's ability to access repository context by injecting malicious instructions through content the agent reads during normal operation — no special privileges or social engineering of the user required. The finding is significant because it highlights a structural problem in agentic AI systems: an agent operating with legitimate access to sensitive resources can be redirected by adversarial content it encounters in the environment, not just from its principal. GitHub has not issued a fix, and there is no documented mitigations or advisory from the platform at time of writing. Security teams using GitHub Copilot or similar AI agents with broad repository access should treat this as an active risk and consider scoping agent permissions to the minimum necessary until the underlying architecture is hardened.
Hidden Authentication Backdoor Found Across Multiple Tenda Firmware Versions
A hardcoded authentication backdoor has been discovered in multiple versions of Tenda router firmware, confirmed through CERT/CC. The backdoor allows an attacker with network access to bypass normal authentication entirely, granting administrative control over affected devices. Tenda routers are widely deployed in small business and home environments, and firmware update adoption in this segment is notoriously poor — meaning a substantial fraction of affected devices will remain vulnerable indefinitely. This follows a well-worn pattern of consumer-grade networking gear shipping with undocumented access mechanisms, and reinforces why such devices should never be placed in any network path that touches sensitive infrastructure. Practitioners managing remote workforces or branch connectivity via consumer-grade hardware should audit device inventory and treat affected Tenda models as untrusted until replaced or isolated.
Schrödinger's Feed
SEALSQ Corp and GlobalFoundries have signed an MoU to co-develop secure semiconductor platforms incorporating Post-Quantum Cryptography, a partnership that moves PQC out of the standards layer and directly into silicon fabrication. This matters because software-only PQC implementations carry performance overhead that makes them impractical on constrained hardware — embedding these algorithms at the chip level addresses that problem for IoT, embedded systems, and secure enclaves at scale. The collaboration lands as the White House convened a quantum innovation summit this week, signalling that the policy and industrial infrastructure for the PQC transition is accelerating in parallel with the threat. Practitioners responsible for long-lived hardware platforms — anything shipping today that will still be in the field in 2030+ — should be asking vendors whether their roadmaps include hardware-native PQC support.
/dev/random
Microsoft has released Flint, a visualization language designed specifically for AI agents to generate charts and structured visual outputs. Which raises an immediate question from anyone who has spent time wrestling with LLM output formatting: we've spent years teaching humans to read machine-readable data, and now we're building bespoke languages to teach machines to produce human-readable charts. The ouroboros continues. On the plus side, "an AI agent that can't accidentally render your bar chart as a CSV" does sound like genuine progress.