CVE-2022-26134
Atlassian Confluence Server and Data Center OGNL injection vulnerability. Critical RCE vulnerability that does not require authentication.
Vulnerability Profile
CVSS Score: 9.8 / 10.0
Severity: Critical
Exploitation Status: ⚠ Active Exploitation
Patch Status: ✓ Patch Available
Affected Software: Confluence Server and Data Center
Exploitation Method: OGNL Injection RCE
MITRE ATT&CK: T1190 - Exploit Public-Facing Application
CVE-2022-26134 Atlassian Confluence OGNL injection. The pre-auth RCE allows arbitrary OGNL expressions to be executed via environment variables. XWorm and Cobalt Strike beacon deployments have been observed. A PoC was published within 72 hours.