CVE-2021-26084

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 30, 2021
Updated: Aug 8, 2023
CWE ID 917

Summary

CVE-2021-26084 is a critical vulnerability affecting Confluence Server and Data Center in versions before 6.13.23, and in versions 6.14.0 through 7.4.10, 7.5.0 through 7.11.5, and 7.12.0 through 7.12.4. An unauthenticated attacker can exploit this OGNL injection vulnerability to execute arbitrary code on impacted Confluence instances. This poses a significant risk to Confluence users, as successful exploitation could lead to data theft, unauthorized system access, or system compromise. Upgrading to the latest versions of Confluence is recommended to mitigate this risk.
