In-the-Wild Exploitation of Atlassian Confluence OGNL...

Question

In-the-Wild Exploitation of Atlassian Confluence OGNL Injection Vulnerability (CVE-2021-26084)On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center solutions. Identified as CVE-2021-26084, the flaw resides in Confluence’s implementation of Webwork. It was assigned a CVSSv3 score of 9.8.Initially, it was believed that the requirements for exploitation would create hurdles for attackers. However, within a week of its disclosure, in-the-wild exploitation attempts were detected, leading to a revision of the advisory and confirmation that an unauthenticated attacker could easily exploit this flaw. We strongly believe organizations should apply these patches immediately.For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

getmanshchuk · Answer

Here is templating error in your link to tenable blog:https://tenable_blog_url/?utm_source=cyber_exposure_alerts_community_title&amp;utm_medium=community&amp;utm_campaign=tenable_community

snarang · Answer

Thanks for catching that, @VOLODYMYR HETMANSHCHUK​&nbsp;I've updated the link.

getmanshchuk · Answer

btw. There are a lot of templating error in your newsletters, especially in subject.. Like [subject_line], see attachment

Vulnerability Watch

Forum Discussion

In-the-Wild Exploitation of Atlassian Confluence OGNL...

3 Replies

Recent Discussions

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Americas

Europe

Asia / Australia