VYPR
Unrated severityCISA KEVNVD Advisory· Published Jun 3, 2022· Updated Oct 21, 2025

CVE-2022-26134

CVE-2022-26134

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Atlassian/Confluencellm-fuzzy2 versions
    >=1.3.0, <7.4.17; >=7.13.0, <7.13.7; >=7.14.0, <7.14.3; >=7.15.0, <7.15.2; >=7.16.0, <7.16.4; >=7.17.0, <7.17.4; >=7.18.0, <7.18.1+ 1 more
    • (no CPE)range: >=1.3.0, <7.4.17; >=7.13.0, <7.13.7; >=7.14.0, <7.14.3; >=7.15.0, <7.15.2; >=7.16.0, <7.16.4; >=7.17.0, <7.17.4; >=7.18.0, <7.18.1
    • (no CPE)range: next of 1.3.0
  • Range: next of 1.3.0

Patches

Vulnerability mechanics

References

6

News mentions

1