Security News > 2022 > June > Critical Atlassian Confluence zero-day actively used in attacks
Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time.
Today, Atlassian released a security advisory disclosing that CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability tracked in both Confluence Server and Data Center.
Atlassian says that they confirmed the vulnerability in Confluence Server 7.18.0 and believe that Confluence Server and Data Center 7.4.0 and higher are also vulnerable.
After conducting the investigation, Volexity could reproduce the exploit against the latest Confluence Server version and disclosed it to Atlassian on May 31st. "After a thorough review of the collected data, Volexity was able to determine the server compromise stemmed from an attacker launching an exploit to achieve remote code execution," explains a blog post by Volexity.
As there are no patches available, Volexity also recommends that Confluence admins disconnect their servers from the Internet until Atlassian releases a fix.
Volexity has released a list of IP addresses behind the attacks and Yara rules to identify web shell activity on Confluence servers.
News URL
Related news
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- SAP fixes suspected Netweaver zero-day exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-03 | CVE-2022-26134 | Expression Language Injection vulnerability in Atlassian Confluence Data Center In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |