Can we move the missing file path to detail?
Otherwise an attacker can just call a non existent file to expose the underlying file system structure.
i.e. https://download.lucee.org/404.cfm reveals the file system structure
If it's in detail, we can safely show the message to end users, omitting the detail