← Back

CVE-2021-26084

nvd nistnuclei
Published: Aug 30, 2021Modified: Oct 24, 2025CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Affected (8)

Atlassian
2 products
Confluence Data Center
Confluence Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Atlassian
Confluence Data Center
Before 6.13.23
Confluence Data Center
From 6.14.0 to 7.4.11
Confluence Data Center
From 7.12.0 to 7.12.5
Confluence Data Center
From 7.5.0 to 7.11.6
Atlassian
Confluence Server
Before 6.13.23
Confluence Server
From 6.14.0 to 7.4.11
Confluence Server
From 7.12.0 to 7.12.5
Confluence Server
From 7.5.0 to 7.11.6

Related CWEs

CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

References (5)

Source: security@atlassian.com
ExploitThird Party AdvisoryVDB Entry
Source: security@atlassian.com
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.