Exploit for Expression Language Injection in Atlassian Confluence_Data_Center CVE-2022-26134

Name: Exploit for Expression Language Injection in Atlassian Confluence_Data_Center CVE-2022-26134
Rating: 5 (151 reviews)

2025-06-09 | CVSS 9.8

## https://sploitus.com/exploit?id=C3CF02C8-6A59-52E3-A803-D9340878BF88
# CVE-2022-26134
On May the 30th, 2022, an organisation named Volexity identified an un-authenticated RCE vulnerability (scoring 9.8 on NIST) within Atlassian's Confluence Server and Data Center editions (Vulnerable Version > 7.18.1)



### Run
```bash
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python CVE-2022-26134.py http://xxx.xxx.xxx.xxx:8090/ "id"
```



## References

- [How I Hacked a Fortune 500 Company in 48 Hours and Got Data on 30,000,000 Users](https://legacy0x1.medium.com/how-i-hacked-a-fortune-500-company-in-48-hours-and-got-data-on-30-000-000-users-035c8723be96) – by Legacy0x1  
- [CVE-2022-26134 TryHackMe Room Walkthrough](https://medium.com/@aybala.sevinc/cve-2022-26134-room-tryhackme-2107f5bf2fa7) – by Aybala Sevinc
- [Detection and Guidance for the Confluence CVE-2022-26134 Zero-Day](https://www.darktrace.com/blog/detection-and-guidance-for-the-confluence-cve-2022-26134-zero-day)