Confluence Server Webwork OGNL Injection

  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 9/2/2021

Action Level -Critical


MCNC would like to make you aware of a CRITICAL severity Confluence vulnerability that should be patched immediately.

CVE-2021-26084 is a remote code injection vulnerability affecting many versions of Confluence and is scored a 9.8/10. Further this vulnerability is actively being exploited.

Affected Devices

Various versions of Confluence preceding the following patched versions:

  • 6.13.23
  • 7.4.11
  • 7.11.6
  • 7.12.5
  • 7.13.0

The full list of affected versions is on Atlassian's webpage, here.

Attack Vector

Attackers with network access to the Confluence server.

Attack Feasibility

This vulnerability is actively being exploited, the feasibility of an internet facing Confluence server being exploited is high.


Confluence has a powershell script to mitigate if absolutely unable to patch/upgrade. It is on their page under mitigations, here.


Upgrade/patch to a secure version of Confluence.

<-- Return to Cybersecurity Alerts...

PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC