Detections
Analytics

CVE-2021-26084

critical

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

References

https://securityaffairs.com/185779/cyber-warfare-2/russian-state-hackers-targeted-western-critical-infrastructure-for-years-amazon-says.html

https://www.securityweek.com/amazon-russian-hackers-now-favor-misconfigurations-in-critical-infrastructure-attacks/

https://www.infosecurity-magazine.com/news/amazon-russian-gru-hackers-target/

https://thehackernews.com/2025/12/amazon-exposes-years-long-gru-cyber.html

https://cyberscoop.com/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44/

https://www.theregister.com/2025/12/15/amazon_ongoing_gru_campaign/

https://aws.amazon.com/blogs/security/amazon-threat-intelligence-identifies-russian-cyber-threat-group-targeting-western-critical-infrastructure/

https://www.edgescan.com/wp-content/uploads/2024/03/2023-Vulnerability-Statistics-Report.pdf

https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://www.wsj.com/politics/national-security/u-s-allies-issue-rare-warning-on-chinese-hacking-group-9eebb0ce

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

https://www.greynoise.io/blog/spike-in-atlassian-exploitation-attempts-patching-is-crucial

https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/?web_view=true

https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.microsoft.com/en-us/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

https://therecord.media/confluence-and-gitlab-servers-targeted-by-new-ransomware-strain

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.cisa.gov/sites/default/files/2024-09/aa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.tenable.com/blog/cisa-top-20-cves-exploited-peoples-republic-of-china-state-sponsored-actors-aa22-279a

https://www.tenable.com/blog/examining-the-treat-landscape

https://www.tenable.com/blog/cve-2021-26084-atlassian-confluence-ognl-injection-vulnerability-exploited-in-the-wild

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084

https://jira.atlassian.com/browse/CONFSERVER-67940

http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html

Details

Source: Mitre, NVD

Published: 2021-08-30

Updated: 2025-10-24

Named Vulnerability: ConfluenzaKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.9444