Security News > 2022 > June > Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild
Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution.
Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 - another security flaw the Australian software company patched in August 2021.
Both relate to a case of Object-Graph Navigation Language injection that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance.
The newly discovered shortcoming impacts all supported versions of Confluence Server and Data Center, with every version after 1.3.0 also affected.
According to stats from internet asset discovery platform Censys, there are about 9,325 services across 8,347 distinct hosts running a vulnerable version of Atlassian Confluence, with most instances located in the U.S., China, Germany, Russia, and France.
Evidence of active exploitation of the flaw, likely by attackers of Chinese origin, came to light after cybersecurity firm Volexity discovered the flaw over the Memorial Day weekend in the U.S. during an incident response investigation.
News URL
https://thehackernews.com/2022/06/atlassian-releases-patch-for-confluence.html
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-03 | CVE-2022-26134 | Expression Language Injection vulnerability in Atlassian Confluence Data Center In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |
| 2021-08-30 | CVE-2021-26084 | Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |