Confluence OGNL RCE (CVE-2022-26134)
A pre-authentication OGNL injection in Atlassian Confluence Server / Data Center that was being actively exploited before public disclosure.
Definition
CVE-2022-26134 is a pre-authentication OGNL injection in Atlassian Confluence Server and Data Center. A specially crafted URI causes the server to evaluate an attacker-supplied OGNL expression, giving unauthenticated remote code execution in the context of the Confluence process. The bug was actively exploited before public disclosure in June 2022 and was added to CISA's Known Exploited Vulnerabilities (KEV) catalog the same day.
Mitigation
Upgrade Confluence to a fixed version. Until the upgrade is done, block the affected URI pattern at the WAF as a stopgap, and review web server access logs for requests whose path carries OGNL expression syntax, since exploitation predated disclosure.
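As an added illustration of the WAF stopgap and of how a defender would hunt for exploitation attempts in existing access logs, the Python below flags request paths that decode to OGNL expression syntax. This is example code written for this page, not Atlassian's guidance or code from the page itself. It assumes the combined access log format and that the `${` opening marker is what identifies an OGNL expression in a URI; the log lines are constructed, and the decoder loops so that URL-encoded and double-encoded forms are normalised before the check.

```python
"""Flag Confluence request paths carrying OGNL expression syntax (constructed example)."""
import re
from urllib.parse import unquote

# Combined log format: ip ident user [timestamp] "METHOD path PROTO" status bytes
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Assumption: an OGNL expression embedded in a URI opens with "${".
OGNL_MARKER = "${"


def normalize_path(path: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing, so %24%7B and %2524%257B both yield ${."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def should_block(path: str) -> bool:
    """WAF-style decision: block any request whose decoded path contains the OGNL marker."""
    return OGNL_MARKER in normalize_path(path)


def flag_ognl_requests(lines):
    """Return the parsed log entries whose request path would be blocked by should_block()."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        raw_path = m.group("path")
        if should_block(raw_path):
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "path": raw_path,
                "status": m.group("status"),
            })
    return hits


# Constructed sample log: two benign requests, one encoded and one plain OGNL-shaped path.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Jun/2022:10:00:01 +0000] "GET /login.action HTTP/1.1" 200 5123',
    '203.0.113.7 - - [02/Jun/2022:10:00:02 +0000] "GET /%24%7Bexpr%7D/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [02/Jun/2022:10:00:03 +0000] "GET /${expr}/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [02/Jun/2022:10:00:04 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for hit in flag_ognl_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['status']} {hit['path']}")
```

A 302 on an OGNL-shaped path is worth noting during triage: Confluence responds to these requests with a redirect, so filtering logs on error statuses alone would miss them. The decode loop matters for the WAF rule as well, since a single-pass decoder only catches the unencoded form.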