← back
CVE-2021-26084

CVE-2021-26084

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-917
In short

A vulnerability in Confluence allows attackers to run malicious code on the server without needing to log in. This happens because the software doesn't properly validate user input when processing expressions, giving attackers a way to execute commands directly.

Technical detail

An OGNL injection vulnerability (CWE-917) in Confluence Server and Data Center allows unauthenticated remote code execution through improper input validation. The attack vector is network-based and requires no authentication; affected versions fail to sanitize user-supplied expressions before processing them in the OGNL engine, enabling arbitrary command execution.

Summary generated and translated by AI from the official description.
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Atlassian · Confluence Data CenterAtlassian · Confluence Server
public PoCs found37
githubgithub.com/hev0x/CVE-2021-26084_Confluence316githubgithub.com/0xf4n9x/CVE-2021-2608472githubgithub.com/alt3kx/CVE-2021-26084_PoC53githubgithub.com/dinhbaouit/CVE-2021-2608453githubgithub.com/1ZRR4H/CVE-2021-2608430githubgithub.com/crowsec-edtech/CVE-2021-2608421githubgithub.com/Vulnmachines/Confluence_CVE-2021-260848githubgithub.com/taythebot/CVE-2021-260848githubgithub.com/lleavesl/CVE-2021-260847githubgithub.com/JKme/CVE-2021-260845githubgithub.com/BBD-YZZ/Confluence-RCE5githubgithub.com/orangmuda/CVE-2021-260844githubgithub.com/BeRserKerSec/CVE-2021-26084-Nuclei-template3githubgithub.com/ludy-dev/CVE-2021-26084_PoC3githubgithub.com/Loneyers/CVE-2021-260843githubgithub.com/toowoxx/docker-confluence-patched2githubgithub.com/nizar0x1f/CVE-2021-26084-patch-1githubgithub.com/TheclaMcentire/CVE-2021-26084_Confluence1githubgithub.com/Jun-5heng/CVE-2021-260841githubgithub.com/prettyrecon/CVE-2021-26084_Confluence1githubgithub.com/GlennPegden2/cve-2021-26084-confluence1githubgithub.com/nahcusira/CVE-2021-260841githubgithub.com/bcdannyboy/CVE-2021-26084_GoPOC1githubgithub.com/CrackerCat/CVE-2021-260840githubgithub.com/Xc1Ym/cve_2021_260840githubgithub.com/wolf1892/confluence-rce-poc0githubgithub.com/attacker-codeninja/CVE-2021-260840githubgithub.com/Osyanina/westone-CVE-2021-26084-scanner0githubgithub.com/b1gw00d/CVE-2021-260840githubgithub.com/smallpiggy/cve-2021-26084-confluence0githubgithub.com/maskerTUI/CVE-2021-260840githubgithub.com/p0nymc1/CVE-2021-260840githubgithub.com/wdjcy/CVE-2021-260840githubgithub.com/quesodipesto/conflucheck0githubgithub.com/30579096/Confluence-CVE-2021-260840cve_referencepacketstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50243unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.htmlhttps://jira.atlassian.com/browse/CONFSERVER-67940https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084