Is CVE-2022-26133 known to be exploited?

38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Atlassian Bitbucket Data Center

CVE-2022-26133

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, un…

EPSS: 0.814 (99.2th percentile) — read the EPSS interpretation.

Affected products

Atlassian Bitbucket Data Center — versions 5.14.0, unspecified, 7.7.0

Public proof-of-concept exploits

Pear1y/CVE-2022-26133
abbarhissarh/CVE-2022-26133
0xAbbarhSF/CVE-2022-26133
0xStarFord/CVE-2022-26133
20142995/Goby
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
BrittanyKuhn/javascript-tutorial
GrrrDog/Java-Deserialization-Cheat-Sheet

References

jira.atlassian.com/browse/BSERV-13173 (x_refsource_MISC)
confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-26133?: CVE-2022-26133 is a vulnerability in Atlassian Bitbucket Data Center. Published 2022-04-20.
Is CVE-2022-26133 known to be exploited?: 38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.