Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE26134

06/03/2022 01:42 PM EDT

Original release date: June 3, 2022

Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of tmhis vulnerability..

CISA strongly urges organizations to review Confluence Security Advisory 2022-06-02 and upgrade Confluence Server and Confluence Data Center.

Note: per BOD 22-01 Catalog of Known Exploited Vulnerabilities, federal agencies are required to immediately block all internet traffic to and from Atlassian’s Confluence Server and Data Center products AND either apply the software update to all affected instances OR remove the affected products by 5 pm ET on Monday, June 6, 2022.

This product is provided subject to this Notification and this Privacy & Use policy.

Atlassian Releases Security Updates for Confluence Server and Data Center, CVE26134

06/02/2022 07:00 PM EDT

Original release date: June 2, 2022

Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability.

There are currently no updates available. Atlassian is working to issue an update. CISA strongly recommends that organizations review Confluence Security Advisory 2022-06-02 for more information. CISA urges organizations with affected Atlassian’s Confluence Server and Data Center products to block all internet traffic to and from those devices until an update is available and successfully applied.

This product is provided subject to this Notification and this Privacy & Use policy.