CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-26084

CVSS 9.8v3.1pub. 2021-08-30upd. 2025-10-24

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Confluence Data Center

    APP
    Atlassian
    < 6.13.236.14.0 – 7.4.11 (bez)7.5.0 – 7.11.6 (bez)7.12.0 – 7.12.5 (bez)
  • Atlassian Confluence Server

    APP
    Atlassian
    < 6.13.236.14.0 – 7.4.11 (bez)7.5.0 – 7.11.6 (bez)7.12.0 – 7.12.5 (bez)

CISA KEV — detailsi

Vendori
Atlassian
Producti
Confluence Server and Data Center
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 17 listopada 2021
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2023-22527CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE via template injection w Atlassian Confluence Data Center i Server

CVE-2023-22518CRITICAL9.8⚠ KEVten sam produkt

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Imprope...

CVE-2023-22515CRITICAL9.8⚠ KEVten sam produkt

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have...

CVE-2022-26138CRITICAL9.8⚠ KEVten sam produkt

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user acc...

CVE-2022-26134CRITICAL9.8⚠ KEVten sam produkt

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would a...