Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild
June 6, 2022
Atlassian has released new Confluence ‘Server’ and ‘Data Center’ versions that address a critical remote code execution vulnerability exploited in the wild.
The Vulnerability
- CVE-2022-26134, Critical Severity – An OGNL injection vulnerability that allows an unauthenticated user to execute arbitrary code on a Confluence ‘Server’ or ‘Data Center’ instance.
Affected Products
- Confluence ‘Server’ and ‘Data Center’:
  - Prior to version 7.4.17.
  - Prior to version 7.13.7.
  - Prior to version 7.14.3.
  - Prior to version 7.15.2.
  - Prior to version 7.16.4.
  - Prior to version 7.17.4.
  - Prior to version 7.18.1.
Mitigation
CYREBRO recommends updating relevant products to their latest available versions.
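To apply the affected-version list above to an inventory, the following added example (not part of the original advisory or Atlassian's tooling) flags instances that predate the fixed build for their release line. It assumes the list is read per release line, that a release line without a listed fixed build has no patched version, and that lines newer than 7.18 already contain the fix; the hostnames and inventory are constructed.

```python
import re

# Fixed build per release line, taken from the affected-version list above.
FIXED = {(7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
         (7, 16): 4, (7, 17): 4, (7, 18): 1}
NEWEST_LINE = max(FIXED)


def parse_version(text):
    """Return (major, minor, patch), or None if text is not a version."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def needs_update(version_text):
    """True if the version predates the fix for CVE-2022-26134.

    Assumptions (not stated on the page): a release line with no fixed
    build in the list has no patched version; lines newer than 7.18
    already contain the fix. Unparseable input returns True so that
    the instance is reviewed by hand rather than silently skipped.
    """
    v = parse_version(version_text)
    if v is None:
        return True
    line, patch = v[:2], v[2]
    if line in FIXED:
        return patch < FIXED[line]
    return line < NEWEST_LINE


def triage(inventory):
    """Map host -> version for every host that still needs the update."""
    return {h: ver for h, ver in inventory.items() if needs_update(ver)}


# Constructed inventory (hostnames and versions are illustrative).
SAMPLE = {
    "wiki-a.example.internal": "7.4.16",
    "wiki-b.example.internal": "7.4.17",
    "wiki-c.example.internal": "7.13.6",
    "wiki-d.example.internal": "7.12.5",
    "wiki-e.example.internal": "7.18.1",
    "wiki-f.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, ver in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{ver}\tupdate required")
```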
References: Confluence Advisory.