CVE-2022-26134

CVSS 9.8 CRITICAL | EPSS 100.0% | KEV | CWE-917
In short

Confluence Server and Data Center have a critical flaw that allows anyone on the internet to run malicious code on the affected server without authenticating. This happens because the application improperly processes user input through OGNL (Object-Graph Navigation Language), a templating system.

Technical detail

An unauthenticated remote attacker can exploit an OGNL injection vulnerability (CWE-917) in Confluence Server and Data Center to achieve arbitrary code execution. The vulnerability stems from insufficient input validation in OGNL expression handling, allowing injection of malicious expressions that are evaluated server-side. This affects versions 1.3.0–7.4.16, 7.13.0–7.13.6, 7.14.0–7.14.2, 7.15.0–7.15.1, 7.16.0–7.16.3, 7.17.0–7.17.3, and 7.18.0.

Summary generated and translated by AI from the official description.

Official description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Public PoCs found: 77
Source | Link | Count / status
github | github.com/W01fh4cker/Serein | 1250
github | github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL | 341
github | github.com/jbaines-r7/through_the_wire | 174
github | github.com/hev0x/CVE-2022-26134 | 44
github | github.com/crowsec-edtech/CVE-2022-26134 | 30
github | github.com/nxtexploit/CVE-2022-26134 | 29
github | github.com/SNCKER/CVE-2022-26134 | 27
github | github.com/SIFalcon/confluencePot | 20
github | github.com/AmoloHT/CVE-2022-26134 | 14
github | github.com/whokilleddb/CVE-2022-26134-Confluence-RCE | 13
github | github.com/iveresk/cve-2022-26134 | 12
github | github.com/redhuntlabs/ConfluentPwn | 12
github | github.com/MaskCyberSecurityTeam/CVE-2022-26134_Behinder_MemShell | 9
github | github.com/offlinehoster/CVE-2022-26134 | 8
github | github.com/abhishekmorla/CVE-2022-26134 | 8
github | github.com/keven1z/CVE-2022-26134 | 7
github | github.com/BBD-YZZ/Confluence-RCE | 5
github | github.com/archanchoudhury/Confluence-CVE-2022-26134 | 4
github | github.com/kh4sh3i/CVE-2022-26134 | 4
github | github.com/alcaparra/CVE-2022-26134 | 4
github | github.com/Chocapikk/CVE-2022-26134 | 4
github | github.com/Y000o/Confluence-CVE-2022-26134 | 4
github | github.com/li8u99/CVE-2022-26134 | 4
github | github.com/Debajyoti0-0/CVE-2022-26134 | 3
github | github.com/cai-niao98/CVE-2022-26134 | 3
github | github.com/Vulnmachines/Confluence-CVE-2022-26134 | 3
github | github.com/skhalsa-sigsci/CVE-2022-26134-LAB | 3
github | github.com/kyxiaxiang/CVE-2022-26134 | 3
github | github.com/cbk914/CVE-2022-26134_check | 3
github | github.com/KeepWannabe/BotCon | 3
github | github.com/twoning/CVE-2022-26134-PoC | 2
github | github.com/b4dboy17/CVE-2022-26134 | 2
github | github.com/f4yd4-s3c/cve-2022-26134 | 2
github | github.com/Brucetg/CVE-2022-26134 | 2
github | github.com/ColdFusionX/CVE-2022-26134 | 2
github | github.com/p4b3l1t0/confusploit | 2
github | github.com/kailing0220/CVE-2022-26134 | 1
github | github.com/1337in/CVE-2022-26134web | 1
github | github.com/acfirthh/CVE-2022-26134 | 1
github | github.com/r1skkam/TryHackMe-Atlassian-CVE-2022-26134 | 1
github | github.com/reubensammut/cve-2022-26134 | 1
github | github.com/0xAgun/CVE-2022-26134 | 1
github | github.com/coskper-papa/CVE-2022-26134 | 1
github | github.com/ma1am/CVE-2022-26134-Exploit-Detection | 1
github | github.com/CJ-0107/cve-2022-26134 | 1
github | github.com/axingde/CVE-2022-26134 | 1
github | github.com/shamo0/CVE-2022-26134 | 1
github | github.com/kelemaoya/CVE-2022-26134 | 1
github | github.com/404fu/CVE-2022-26134-POC | 1
github | github.com/Habib0x0/CVE-2022-26134 | 1
github | github.com/wjlin0/CVE-2022-26134 | 0
github | github.com/vesperp/CVE-2022-26134-Confluence | 0
github | github.com/secjia/CVE-2022-26134 | 0
github | github.com/sunny-kathuria/exploit_CVE-2022-26134 | 0
github | github.com/Luchoane/CVE-2022-26134_conFLU | 0
github | github.com/shiftsansan/CVE-2022-26134-Console | 0
github | github.com/yigexioabai/CVE-2022-26134-cve1 | 0
github | github.com/xanszZZ/ATLASSIAN-Confluence_rce | 0
github | github.com/latings/CVE-2022-26134 | 0
github | github.com/yyqxi/CVE-2022-26134 | 0
github | github.com/tpdlshdmlrkfmcla/cve-2022-26134 | 0
github | github.com/thetowsif/CVE-2022-26134 | 0
github | github.com/MAHABUB122003/Atlassian-CVE-2022-26134 | 0
github | github.com/crypt0lith/confluence-ognl-rce | 0
github | github.com/roodhelios/CVE-2022-26134-OGNL-Injection | 0
github | github.com/Muhammad-Ali007/Atlassian_CVE-2022-26134 | 0
github | github.com/yTxZx/CVE-2022-26134 | 0
github | github.com/DARKSTUFF-LAB/-CVE-2022-26134 | 0
github | github.com/xsxtw/CVE-2022-26134 | 0
github | github.com/cc3305/CVE-2022-26134 | 0
github | github.com/Gilospy/CVE-2022-26134 | 0
github | github.com/Khalidhaimur/CVE-2022-26134 | 0
cve_reference | packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html | unverified
cve_reference | packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html | unverified
cve_reference | packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html | unverified
exploitdb | www.exploit-db.com/exploits/50952 | unverified
cve_reference | packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html | unverified
⚠ Public resources for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
