Security advisories

CVE-2022-26134 – Confluence Zero-Day Vulnerability

June 3, 2022 | 2 MINS READ

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

On June 2nd, 2022, Atlassian disclosed a critical vulnerability impacting the Confluence collaboration tool, tracked as CVE-2022-26134; active exploitation of the vulnerability has been confirmed. CVE-2022-26134 is an unauthenticated Remote Code Execution (RCE) vulnerability that impacts all supported versions of Confluence Server and Data Center. Exploitation of this vulnerability would allow an unauthenticated and remote actor to execute code on vulnerable devices, potentially leading to the deployment of malware or the exfiltration of sensitive data.

At this time, security patches to address CVE-2022-26134 are not available. Atlassian has stated that patches will be released by end-of-day June 3rd, 2022. The current recommendations for organizations employing Confluence Server or Data Center are to restrict access from the internet or disable the instances; it should be noted that both recommendations may cause disruptions to standard business procedures.

What we’re doing about it

What you should do about it

Additional information

Technical details relating to CVE-2022-26134 are currently limited as Atlassian is not releasing additional information until after security patches are made available. While not yet confirmed, it is likely that all versions of Confluence Server and Data Center are impacted, including out of support versions. The vulnerability does not impact Confluence Cloud.

CVE-2022-26134 was initially discovered by Volexity. According to the company, attacks exploiting the vulnerability were first identified on the Memorial Day weekend (May 28th-30th). Attacks observed by Volexity resulted in the deployment of the open-source webshell BEHINDER, a file upload webshell, and the China Chopper webshell. According to Volexity, multiple threat actor groups are believed to be exploiting the vulnerability in real-world attacks.

References:

[1] https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
[2] https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
[3] https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

View Most Recent Advisories