CVE-2022-26134

CVE Database · CVE-2022-26134

CVE-2022-26134

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

100.00%

Published

Jun 3, 2022

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2022-06-02 · Due: 2022-06-06

Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.

Public PoC / Exploit (11)

All weaponized →

Exploit-DBConfluence Data Center 7.18.0 - Remote Code Execution (RCE)NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCW01fh4cker/Serein★1251 GitHub PoCBeichenDream/CVE-2022-26134-Godzilla-MEMSHELL★341

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-917CWE-917

Affected Products (14)

atlassian · confluence_data_center (up to 7.4.17)vulnerable

atlassian · confluence_data_center (up to 7.13.7)vulnerable

atlassian · confluence_data_center (up to 7.14.3)vulnerable

atlassian · confluence_data_center (up to 7.15.2)vulnerable

atlassian · confluence_data_center (up to 7.16.4)vulnerable

atlassian · confluence_data_center (up to 7.17.4)vulnerable

atlassian · confluence_data_centervulnerable