
Warning – Critical Remote Code Execution Vulnerability CVE-2022-26134 (Confluence Server & Data Center) Actively Exploited

Reference: Advisory #2022-017
Version: 1.1
Affected software: Confluence Server and Data Center
Update 04-06-2022: Versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 contain a fix for this issue.
Type: Unauthenticated RCE (Remote Code Execution)
CVE/CVSS: CVE-2022-26134

Sources

Atlassian - https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

Volexity - https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

Risks

Successful exploitation of CVE-2022-26134 can lead to unauthenticated remote code execution. It would allow a threat actor to install web shells on vulnerable Confluence servers.

Description

On the 2nd of June 2022, Atlassian released Confluence Security Advisory 2022-06-02 to disclose that a critical unauthenticated remote code execution vulnerability in Confluence Data Center and Server is under active exploitation. This vulnerability is tracked as CVE-2022-26134.

According to the security advisory, Atlassian is working on a fix and further details about the vulnerability are withheld until that fix is made available (estimated by EOD 3rd of June PDT).

Confluence Server and Data Center are affected; Atlassian Cloud sites (accessible via atlassian.net) are unaffected.

Update 04-06-2022

Versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 contain a fix for this issue.

Organisations that use Confluence Server and/or Data Center are urged to take the following actions until a fix is made available:

  • Restrict access to Confluence Server and Data Center instances from the internet.
  • Disable Confluence Server and Data Center instances.

If it is not possible to take the above actions, implementing a WAF (Web Application Firewall) rule which blocks URLs containing ${ may reduce your organisation’s risk.
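The following is an added example, not part of the advisory, showing the kind of check the WAF recommendation above describes: it flags request paths that contain the string ${, after percent-decoding the path so an encoded form of the same marker is compared in the same way. The sample paths are constructed for illustration; the decoding depth and the helper names are my own choices.

```python
from urllib.parse import unquote

# Constructed sample request paths (not taken from the advisory). The last two
# carry the "${" marker the advisory's WAF rule keys on; the final one is the
# same marker percent-encoded.
SAMPLE_PATHS = [
    "/login.action",
    "/rest/api/content?limit=25",
    "/${x}/",
    "/%24%7Bx%7D/",
]

MARKER = "${"


def normalize_path(path: str, rounds: int = 2) -> str:
    """Percent-decode a request path a bounded number of times (assumption:
    two rounds is enough for typical double-encoding) so an encoded marker
    is compared in the same form as a literal one."""
    decoded = path
    for _ in range(rounds):
        new = unquote(decoded)
        if new == decoded:
            break
        decoded = new
    return decoded


def path_matches_rule(path: str) -> bool:
    """True when the decoded request path contains the "${" marker."""
    return MARKER in normalize_path(path)


def flag_paths(paths):
    """Return the subset of paths a "${" blocking rule would reject."""
    return [p for p in paths if path_matches_rule(p)]


if __name__ == "__main__":
    for p in flag_paths(SAMPLE_PATHS):
        print("would block:", p)
```

A rule of this shape only removes one marker from incoming URLs; as the advisory says, it may reduce risk but is a stopgap until the instance is restricted, disabled or upgraded to a fixed version.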

Recommended Actions

The Centre for Cyber Security Belgium recommends that administrators of Confluence servers prioritize this vulnerability and assess whether the proposed courses of action can be taken. Atlassian will update Confluence Security Advisory 2022-06-02 as fixes become available.

Update 04-06-2022

Versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 contain a fix for this issue.
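As an added example (not part of the advisory), the helper below turns the fixed-version list above into a quick assessment of an installed version: it reports "fixed" when the installed version is at or above the fixed release of the same major.minor branch, "upgrade required" when it is below it, and defers to Atlassian for branches the list does not mention. The assumption that later patch levels of a fixed branch keep the fix is mine, not a statement from the advisory.

```python
# Fixed versions as listed in the advisory update of 04-06-2022.
FIXED_VERSIONS = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]


def parse_version(version: str) -> tuple:
    """Turn "7.13.7" into (7, 13, 7) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def assess(installed: str) -> str:
    """Classify an installed Confluence Server/Data Center version against the
    advisory's fixed-version list.

    Assumption (mine, not the advisory's): a patch level at or above the fixed
    release of the same major.minor branch retains the fix.
    """
    inst = parse_version(installed)
    for fixed in FIXED_VERSIONS:
        fixed_tuple = parse_version(fixed)
        if fixed_tuple[:2] == inst[:2]:
            return "fixed" if inst >= fixed_tuple else "upgrade required"
    return "branch not listed in advisory: verify with Atlassian"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, version in [("wiki-a", "7.13.6"), ("wiki-b", "7.18.1"), ("wiki-c", "7.12.0")]:
        print(host, version, "->", assess(version))
```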

References

Bleeping Computer - https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/

CISA.gov - https://www.cisa.gov/uscert/ncas/current-activity/2022/06/02/atlassian-releases-security-updates-confluence-server-and-data

CISA.gov - https://www.cisa.gov/uscert/ncas/current-activity/2022/06/02/cisa-adds-one-known-exploited-vulnerability-cve-2022-26134-catalog