
CVE-2022-26134

Critical · CVSS 9.8 · EPSS 100.0% · CISA KEV · CWE-917

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.


Community ground truth

Community verdict: 2 verdicts

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.


Community real-world severity: Critical (Critical 2) — CVSS base score 9.8

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

  • Field note · Mara Okonkwo (Curated)

    Unauth OGNL injection → RCE on Confluence Server/Data Center. Exploited as a zero-day, then commodity. Internet-facing Confluence is a perennial ransomware on-ramp.

  • Remediation · Diego Ramírez (Curated)

    Patch to a fixed version; if it was exposed pre-patch, do IR (look for spawned web shells/child processes of the Confluence JVM). Get it behind SSO/VPN.
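An added triage helper, not part of this CVE record or of the notes above, that turns the two remediation points into checks: a version test against the affected ranges listed in the description, and a process-tree scan for shells or interpreters spawned by the Confluence JVM. It assumes `ps -eo pid,ppid,comm,args`-style input; the process listing below is constructed for illustration.

```python
import re
# Affected [start, fixed) ranges as listed in the CVE description.
AFFECTED_RANGES = [
    ("1.3.0", "7.4.17"), ("7.13.0", "7.13.7"), ("7.14.0", "7.14.3"),
    ("7.15.0", "7.15.2"), ("7.16.0", "7.16.4"), ("7.17.0", "7.17.4"),
    ("7.18.0", "7.18.1"),
]

def parse_version(v):
    return tuple(int(x) for x in v.split("."))

def is_affected(version):
    """True if version falls inside a listed range (start inclusive, fixed exclusive).
    A version outside every listed range is reported as not listed, which is not the same as safe."""
    ver = parse_version(version)
    return any(parse_version(lo) <= ver < parse_version(hi) for lo, hi in AFFECTED_RANGES)

# Process-tree check: shells and interpreters whose parent is a Confluence JVM.
CONFLUENCE_RE = re.compile(r"confluence|catalina", re.I)
SHELL_RE = re.compile(r"(?:sh|bash|dash|zsh|python\d*|perl|curl|wget)")

def suspicious_children(ps_lines):
    """Return [(pid, comm)] for shell/interpreter children of Confluence JVM processes.
    Input lines follow `ps -eo pid,ppid,comm,args`; header and malformed lines are skipped."""
    procs = []
    for line in ps_lines:
        parts = line.split(None, 3)
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        pid, ppid, comm = int(parts[0]), int(parts[1]), parts[2]
        args = parts[3] if len(parts) == 4 else ""
        procs.append((pid, ppid, comm, args))
    jvm_pids = {p for p, _, c, a in procs if c == "java" and CONFLUENCE_RE.search(a)}
    return [(p, c) for p, pp, c, _ in procs if pp in jvm_pids and SHELL_RE.fullmatch(c)]

# Constructed sample process listing for a hypothetical host, not captured from a real incident.
SAMPLE_PS = [
    "PID PPID COMM ARGS",
    "1 0 systemd /sbin/init",
    "2140 1 java /opt/atlassian/confluence/jre/bin/java -Dcatalina.base=/opt/atlassian/confluence org.apache.catalina.startup.Bootstrap start",
    "2310 2140 java /opt/atlassian/confluence/jre/bin/java -jar synchrony-standalone.jar",
    "4471 2140 bash /bin/bash -c id",
    "4472 4471 id id",
    "5102 1 sshd sshd: /usr/sbin/sshd",
]

if __name__ == "__main__":
    print("7.18.0 affected:", is_affected("7.18.0"))    # True
    print("suspicious:", suspicious_children(SAMPLE_PS))  # [(4471, 'bash')]
```

The child Synchrony JVM is treated as part of the Confluence process group, so only non-Java children of either JVM are flagged.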