neotranslator compiler

+1 to Charlie and BKBK's comments that the effort to move to a supported platform is going to be worth it for the security benefits alone.  That's the best path forward.

With that said ... Some of the original technical analysis of CVE-2023-26360 mentions the NeoTranslator compiler as being a component used during exploitation.  And at least one source mentions disabling the NeoTranslator compiler as an alternate workaround if you're unable to patch -- without giving specific details -- but does offer the caveat that "it will also prevent you from using some features of ColdFusion."  The NeoTranslator compiler is used to convert CFML source into Java classes -- which is a pretty core part of the ColdFusion engine functionality.  I'm unaware of any supported/official way to "disable the NeoTranslator compiler".  There could be some hacky ways to do it (I have no idea what would work or if it would be effective security control) -- but then you'd also need to find a way to convert your legitimate CFML source into Java classes.  Maybe you could pre-compile your code, but it just all seems like a convoluted path.

If your host is vulnerable to  CVE-2023-26360, it's also vulnerable to Critical vulnerability CVE-2023-26359 (and subsequent variants CVE-2023-29300, CVE-2023-38203, CVE-2023-38204, and CVE-2023-44353) -- as well as other ColdFusion security patches that have only been released for CF2021 and 2023 (but also mpact <= CF2018).

There are a number of things you can do to lockdown a ColdFusion system if you're really unable to patch, but that choice will come with a significant amount of accepted risk.  I will say that blocking remote HTTP/HTTPS access to *.cfc files (which will break/block access to all remote CFC components) will break exploitation of many recent critical ColdFusion vulnerabilities.

While you await an answer on that question (which I've actually never heard before), can you share one or two of the things that make you unable to upgrade? I'm sure many would find that helpful.

...or maybe there's a way to overcome those, to allow you to get off that Cf version--which is no longer updated by Adobe. (The security risks alone would seem a strong driver to overcome those challenges.) 

BTW, if the COST of upgrading to cf2023 might be an issue (because Adobe only offers a discount price for those who are now on cf2021), some great news is that there's a special offer of a 25% discount for those on cf2018 and earlier, available now through Sept. More at a post I offered:

https://www.carehart.org/blog/client/index.cfm/2024/7/8/limited_time_upgrade_discount_to_CF2023_from_older_releases

Let's see if anyone has more on your specific question, but I really hope you'll share what compatibility issue seems to be precluding your upgrade.