Security News > 2022 > June > Exploit released for Atlassian Confluence RCE bug, patch now

Exploit released for Atlassian Confluence RCE bug, patch now
2022-06-05 16:41

Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend.

The vulnerability tracked as CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability exploited through OGNL injection and impacts all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.

On Friday, Atlassian released security updates to fix the vulnerability just as attacks escalated in the wild.

Friday afternoon, a proof-of-concept exploit for the Atlassian Confluence vulnerability was publicly posted.

The exploit soon spread widely online over the weekend, with researchers sharing examples on Twitter of how trivial it was to exploit.

If for some reason, you are unable to patch your servers immediately, Atlassian has provided mitigations for Confluence 7.0.0 through version 7.18.0.


News URL

https://www.bleepingcomputer.com/news/security/exploit-released-for-atlassian-confluence-rce-bug-patch-now/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-06-03 CVE-2022-26134 Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
network
low complexity
atlassian CWE-917
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412