CVE-2022-26134

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Published: Jun 4, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-26134
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
atlassian / confluence_data_center	7.18.0	7.18.0.x
atlassian / confluence_data_center	7.17.0	7.17.4
atlassian / confluence_data_center	7.16.0	7.16.4
atlassian / confluence_data_center	7.15.0	7.15.2
atlassian / confluence_data_center	7.14.0	7.14.3
atlassian / confluence_data_center	7.13.0	7.13.7
atlassian / confluence_data_center	1.3	7.4.17
atlassian / confluence_server	7.18.0	7.18.0.x
atlassian / confluence_server	7.17.0	7.17.4
atlassian / confluence_server	7.16.0	7.16.4
atlassian / confluence_server	7.15.0	7.15.2
atlassian / confluence_server	7.14.0	7.14.3
atlassian / confluence_server	7.13.0	7.13.7
atlassian / confluence_server	1.3	7.4.17

Vulnerability Database

289,697

CVE-2022-26134