## https://sploitus.com/exploit?id=D7156AA8-9DED-5B2F-BC9B-861942C4B3B6
# CVE-2022-26134

> A pre-authenticated RCE vulnerability in Atlassian Confluence

## Summary of the CVE

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.

## Affected Versions

- Atlassian Confluence Server
- Atlassian Confluence Data Center
- Versions > 1.3.0 (< 7.4.17, < 7.13.7, < 7.14.3, < 7.15.2, < 7.16.4, < 7.17.4, < 7.18.1). Note: each of these bounds applies to its own release line. Basically all versions up to 7.4.17 are vulnerable, but a release such as 7.13.6 is also vulnerable: its number is higher than 7.4.17, yet it is below the fixed release of its own 7.13.x line.
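
For inventory triage, the per-line bounds above can be checked as follows. This is an added example, not code from this repository; the host names and versions in `SAMPLE_INVENTORY` are constructed, and treating release lines without a listed fix (for example 7.5.x) as affected and lines after 7.18 as fixed is an assumption.

```python
# Added example: classify Confluence versions against the fixed releases
# listed in "Affected Versions". Each bound applies only to its own line.
FIXED_PATCH = {          # (major, minor) -> first fixed patch level
    (7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
    (7, 16): 4, (7, 17): 4, (7, 18): 1,
}
LOWER_BOUND = (1, 3, 0)  # the page lists versions > 1.3.0 as affected


def parse_version(text):
    """Turn '7.13.6' or '7.13.6-m01' into (7, 13, 6); reject anything else."""
    parts = text.strip().split("-")[0].split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version):
    """True if the version falls inside the affected range from the page."""
    v = parse_version(version)
    if v <= LOWER_BOUND:
        return False
    line = v[:2]
    if line in FIXED_PATCH:
        return v[2] < FIXED_PATCH[line]
    # Assumption: a line with no listed fix is affected when it is older
    # than the newest listed line (7.18); later lines are treated as fixed.
    return line < max(FIXED_PATCH)


def triage(inventory):
    """Return the hosts (sorted) whose version is affected."""
    return sorted(h for h, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = {
    "wiki-a.example.internal": "7.4.17",   # fixed release of the 7.4 line
    "wiki-b.example.internal": "7.13.6",   # above 7.4.17 but below 7.13.7
    "wiki-c.example.internal": "7.5.0",    # line with no listed fix
    "wiki-d.example.internal": "7.18.1",   # fixed release of the 7.18 line
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("upgrade required:", host, SAMPLE_INVENTORY[host])
```
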

## References

- [GitHub PoC - Samy Younsi, Jun 3 2022](https://github.com/Nwqda/CVE-2022-26134)
- [0-day vulnerability CVE-2022-26134 in Atlassian Confluence Software - guenni, June 03 2022](https://borncity.com/win/2022/06/03/0-day-schwachstelle-cve-2022-26134-in-atlassian-confluence-software/)
- [CVE-details - CVSS Score N/A](https://www.cvedetails.com/cve/CVE-2022-26134/)