CVE-2022-26134
Published: Jun 3, 2022
Modified: Oct 21, 2025
Description
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
| Vendor | Product | Versions |
|---|---|---|
Atlassian | Confluence Data Center | affected next of 1.3.0 - < unspecifiedaffected unspecified - < 7.4.17affected 7.13.0 - < unspecifiedaffected unspecified - < 7.13.7affected 7.14.0 - < unspecified+9 more versions |
Atlassian | Confluence Server | affected next of 1.3.0 - < unspecifiedaffected unspecified - < 7.4.17affected 7.13.0 - < unspecifiedaffected unspecified - < 7.13.7affected 7.14.0 - < unspecified+9 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now