Actively exploited vulnerability

CVE-2022-26134: Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.

CISA KEV source 2 Jun 2022 added 6 Jun 2022 remediation due

Affected product

Atlassian ยท Confluence Server/Data Center

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.

Related Yasna coverage

Recent reporting that mentions CVE-2022-26134.