Unauthenticated remote code execution vulnerability in Confluence Server and Data Center
Description
CVE-2022-26134 is a critical OGNL (Object-Graph Navigation Language) injection vulnerability in Atlassian Confluence Server and Data Center, affecting all versions. It allows an unauthenticated remote attacker to execute arbitrary code without any user interaction. Atlassian confirmed active exploitation in the wild, so immediate patching is essential for all affected installations.
Remediation
Immediately upgrade Confluence Server or Data Center to one of the following patched versions: 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, or 7.18.1 (or any later version).
Remediation steps:
1. Identify all Confluence Server and Data Center instances in your environment
2. Back up your Confluence installation and database before upgrading
3. Review the Atlassian upgrade guide for your specific version path
4. Apply the appropriate patch version based on your current installation
5. After patching, review system logs and monitor for any indicators of compromise, as this vulnerability has been actively exploited
6. If immediate patching is not possible, consider temporarily restricting network access to Confluence instances to trusted IP addresses only as an interim mitigation
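To support steps 1 and 4, the following is an added example (not part of the advisory or Atlassian tooling) that checks an inventory of Confluence hosts against the fixed-version list above: a version is patched only if it is at or above the fix on its own branch, or newer than the newest fixed release. The host names and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Tuple

# First fixed patch level per release branch, taken from the advisory above.
# Branches without a backported fix (e.g. 7.12.x) must be upgraded to a listed
# version; anything newer than the newest fixed release is also fixed.
FIXED_BRANCHES: Dict[Tuple[int, int], int] = {
    (7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
    (7, 16): 4, (7, 17): 4, (7, 18): 1,
}
LATEST_FIXED: Tuple[int, int, int] = (7, 18, 1)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '7.13.7' (optionally with a trailing suffix) into (major, minor, patch)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {version!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_patched(version: str) -> bool:
    """True if this Confluence version contains the fix for CVE-2022-26134."""
    major, minor, patch = parse_version(version)
    branch_fix = FIXED_BRANCHES.get((major, minor))
    if branch_fix is not None:
        # On a branch that received a fix: compare the patch level only.
        return patch >= branch_fix
    # Off-branch version: fixed only if newer than the newest fixed release.
    return (major, minor, patch) > LATEST_FIXED


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) rows; status is 'unknown' if unparseable."""
    rows = []
    for host, version in sorted(inventory.items()):
        try:
            status = "patched" if is_patched(version) else "VULNERABLE"
        except ValueError:
            status = "unknown"
        rows.append((host, version, status))
    return rows


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "wiki-prod.example.internal": "7.13.6",
    "wiki-staging.example.internal": "7.13.7",
    "wiki-legacy.example.internal": "7.12.3",
    "wiki-new.example.internal": "7.19.0",
    "wiki-odd.example.internal": "n/a",
}

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:32} {version:8} {status}")
```

Treat an "unknown" row as vulnerable until the version is confirmed from the instance itself.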
Refer to the official Atlassian Security Advisory for detailed upgrade instructions and additional security guidance.