Critical vulnerability in Atlassian Confluence

Atlassian published a security advisory for the vulnerability CVE-2022-26134, which is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center.

Vulnerability: CVE-2022-26134

Severity: Critical

On June 2, 2022, Atlassian, developer of tools such as Jira and Trello, published a security advisory for the vulnerability CVE-2022-26134. This is a critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center. The vulnerability is rated as critical and can be easily exploited.

Which versions are affected?

All versions of Confluence Server and Data Center prior to the fixed versions listed below are affected by this vulnerability.

Patches

Atlassian recommends upgrading to the latest long-term support version. For a detailed description of the latest version, please view the Confluence Server and Data Center release notes.

The following versions contain the patch for the vulnerability:

  • 7.4.17

  • 7.13.7

  • 7.14.3

  • 7.15.2

  • 7.16.4

  • 7.17.4

  • 7.18.1

You can download the latest version from the Download Center.

Vulnerability detection

After announcement of the new vulnerability, our go.lywand.com platform was updated.

The vulnerability can be identified in the course of lywand's security audits.

More info

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/

Bernhard Schildendorfer

June 3, 2022

Category

Guide

Might be also Interesting

Guide

NIS2 in Practice: What Managed Service Providers Need to Know Now

The NIS2 Directive places new demands on companies throughout Europe and simultaneously raises expectations of their IT service providers. In addition to technical measures, the focus is shifting to transparency and verifiability. This article shows what this means in concrete terms and how the requirements can be implemented in practice.

April 20, 2026

Guide

Lywand vs. RMM – Differences & Why the Combination is Essential

RMM tools are indispensable when it comes to ensuring stable and efficient IT operations. However, when it comes to IT security, they quickly reach their limits. Find out why a vulnerability management system is the ideal addition—and how MSPs can use it to strengthen their services in the long term.

September 10, 2025

Guide

Patch management under control? The reality often shows something different.

How a security audit uncovered unexpected weaknesses in patch management - and was the start of a sustainable security strategy.

April 29, 2025