CVE Details

CVE-2021-26084 Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
  • Published: 2021-11-03
  • CVSS: 9.8 CRITICAL
  • Product: Atlassian Confluence Server and Data Center
  • Due Date: 2021-11-17

Atlassian Confluence Server and Data Center contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.
  • Threekiii/Awesome-POC • ⭐ 5015 • 2022-02-20 • Conf: 80.0%
  • A knowledge base for vulnerability PoCs (Proof of Concept), with 1k+ vulnerabilities.
  • luck-ying/Library-POC • ⭐ 882 • 2021-03-21 • Conf: 93.0%
  • An archive of vulnerability PoCs and exploits written for Pocsuite3 and goby
  • r0eXpeR/supplier • ⭐ 803 • 2021-11-08 • Conf: 80.0%
  • A collection of offensive vulnerabilities affecting mainstream vendors
  • hev0x/CVE-2021-26084_Confluence • ⭐ 316 • 2021-09-01 • Conf: 95.0%
  • Confluence Server Webwork OGNL injection
  • 0xf4n9x/CVE-2021-26084 • ⭐ 72 • 2021-09-01 • Conf: 95.0%
  • CVE-2021-26084 Remote Code Execution on Confluence Servers

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

MITRE

CVSS

  • Score: 9.8
  • Severity: CRITICAL
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

  • Exploitation: active
  • Automatable: yes
  • Technical Impact: total

References

Raw Data
Key Remaining Key Value
containers > cna > affected > 0 > product Confluence Server
containers > cna > affected > 0 > vendor Atlassian
containers > cna > affected > 0 > versions > 0 > lessThan 6.13.23
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 0 > versions > 0 > version unspecified
containers > cna > affected > 0 > versions > 0 > versionType custom
containers > cna > affected > 0 > versions > 1 > lessThan unspecified
containers > cna > affected > 0 > versions > 1 > status affected
containers > cna > affected > 0 > versions > 1 > version 6.14.0
containers > cna > affected > 0 > versions > 1 > versionType custom
containers > cna > affected > 0 > versions > 2 > lessThan 7.4.11
containers > cna > affected > 0 > versions > 2 > status affected
containers > cna > affected > 0 > versions > 2 > version unspecified
containers > cna > affected > 0 > versions > 2 > versionType custom
containers > cna > affected > 0 > versions > 3 > lessThan unspecified
containers > cna > affected > 0 > versions > 3 > status affected
containers > cna > affected > 0 > versions > 3 > version 7.5.0
containers > cna > affected > 0 > versions > 3 > versionType custom
containers > cna > affected > 0 > versions > 4 > lessThan 7.11.6
containers > cna > affected > 0 > versions > 4 > status affected
containers > cna > affected > 0 > versions > 4 > version unspecified
containers > cna > affected > 0 > versions > 4 > versionType custom
containers > cna > affected > 0 > versions > 5 > lessThan unspecified
containers > cna > affected > 0 > versions > 5 > status affected
containers > cna > affected > 0 > versions > 5 > version 7.12.0
containers > cna > affected > 0 > versions > 5 > versionType custom
containers > cna > affected > 0 > versions > 6 > lessThan 7.12.5
containers > cna > affected > 0 > versions > 6 > status affected
containers > cna > affected > 0 > versions > 6 > version unspecified
containers > cna > affected > 0 > versions > 6 > versionType custom
containers > cna > affected > 1 > product Confluence Data Center
containers > cna > affected > 1 > vendor Atlassian
containers > cna > affected > 1 > versions > 0 > lessThan 6.13.23
containers > cna > affected > 1 > versions > 0 > status affected
containers > cna > affected > 1 > versions > 0 > version unspecified
containers > cna > affected > 1 > versions > 0 > versionType custom
containers > cna > affected > 1 > versions > 1 > lessThan unspecified
containers > cna > affected > 1 > versions > 1 > status affected
containers > cna > affected > 1 > versions > 1 > version 6.14.0
containers > cna > affected > 1 > versions > 1 > versionType custom
containers > cna > affected > 1 > versions > 2 > lessThan 7.4.11
containers > cna > affected > 1 > versions > 2 > status affected
containers > cna > affected > 1 > versions > 2 > version unspecified
containers > cna > affected > 1 > versions > 2 > versionType custom
containers > cna > affected > 1 > versions > 3 > lessThan unspecified
containers > cna > affected > 1 > versions > 3 > status affected
containers > cna > affected > 1 > versions > 3 > version 7.5.0
containers > cna > affected > 1 > versions > 3 > versionType custom
containers > cna > affected > 1 > versions > 4 > lessThan 7.11.6
containers > cna > affected > 1 > versions > 4 > status affected
containers > cna > affected > 1 > versions > 4 > version unspecified
containers > cna > affected > 1 > versions > 4 > versionType custom
containers > cna > affected > 1 > versions > 5 > lessThan unspecified
containers > cna > affected > 1 > versions > 5 > status affected
containers > cna > affected > 1 > versions > 5 > version 7.12.0
containers > cna > affected > 1 > versions > 5 > versionType custom
containers > cna > affected > 1 > versions > 6 > lessThan 7.12.5
containers > cna > affected > 1 > versions > 6 > status affected
containers > cna > affected > 1 > versions > 6 > version unspecified
containers > cna > affected > 1 > versions > 6 > versionType custom
containers > cna > datePublic 2021-08-10T00:00:00.000Z
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > value In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
containers > cna > problemTypes > 0 > descriptions > 0 > description Remote Code Execution
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > type text
containers > cna > providerMetadata > dateUpdated 2022-06-08T17:06:12.000Z
containers > cna > providerMetadata > orgId f08a6ab8-ed46-4c22-8884-d911ccfe3c66
containers > cna > providerMetadata > shortName atlassian
containers > cna > references > 0 > tags > 0 x_refsource_MISC
containers > cna > references > 0 > url https://jira.atlassian.com/browse/CONFSERVER-67940
containers > cna > references > 1 > tags > 0 x_refsource_MISC
containers > cna > references > 1 > url http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
containers > cna > x_legacyV4Record > CVE_data_meta > ASSIGNER [email protected]
containers > cna > x_legacyV4Record > CVE_data_meta > DATE_PUBLIC 2021-08-10T00:00:00
containers > cna > x_legacyV4Record > CVE_data_meta > ID CVE-2021-26084
containers > cna > x_legacyV4Record > CVE_data_meta > STATE PUBLIC
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > product_name Confluence Server
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 0 > version_affected <
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 0 > version_value 6.13.23
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 1 > version_affected >=
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 1 > version_value 6.14.0
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 2 > version_affected <
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 2 > version_value 7.4.11
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 3 > version_affected >=
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 3 > version_value 7.5.0
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 4 > version_affected <
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 4 > version_value 7.11.6
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 5 > version_affected >=
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 5 > version_value 7.12.0
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 6 > version_affected <
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 0 > version > version_data > 6 > version_value 7.12.5
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > product_name Confluence Data Center
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 0 > version_affected <
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 0 > version_value 6.13.23
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 1 > version_affected >=
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 1 > version_value 6.14.0
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 2 > version_affected <
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 2 > version_value 7.4.11
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 3 > version_affected >=
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 3 > version_value 7.5.0
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 4 > version_affected <
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 4 > version_value 7.11.6
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 5 > version_affected >=
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 5 > version_value 7.12.0
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 6 > version_affected <
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > product > product_data > 1 > version > version_data > 6 > version_value 7.12.5
containers > cna > x_legacyV4Record > affects > vendor > vendor_data > 0 > vendor_name Atlassian
containers > cna > x_legacyV4Record > data_format MITRE
containers > cna > x_legacyV4Record > data_type CVE
containers > cna > x_legacyV4Record > data_version 4.0
containers > cna > x_legacyV4Record > description > description_data > 0 > lang eng
containers > cna > x_legacyV4Record > description > description_data > 0 > value In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
containers > cna > x_legacyV4Record > problemtype > problemtype_data > 0 > description > 0 > lang eng
containers > cna > x_legacyV4Record > problemtype > problemtype_data > 0 > description > 0 > value Remote Code Execution
containers > cna > x_legacyV4Record > references > reference_data > 0 > name https://jira.atlassian.com/browse/CONFSERVER-67940
containers > cna > x_legacyV4Record > references > reference_data > 0 > refsource MISC
containers > cna > x_legacyV4Record > references > reference_data > 0 > url https://jira.atlassian.com/browse/CONFSERVER-67940
containers > cna > x_legacyV4Record > references > reference_data > 1 > name http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
containers > cna > x_legacyV4Record > references > reference_data > 1 > refsource MISC
containers > cna > x_legacyV4Record > references > reference_data > 1 > url http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
containers > adp > 0 > providerMetadata > orgId af854a3a-2127-422b-91ae-364da2661108
containers > adp > 0 > providerMetadata > shortName CVE
containers > adp > 0 > providerMetadata > dateUpdated 2024-08-03T20:19:19.592Z
containers > adp > 0 > title CVE Program Container
containers > adp > 0 > references > 0 > tags > 0 x_refsource_MISC
containers > adp > 0 > references > 0 > tags > 1 x_transferred
containers > adp > 0 > references > 0 > url https://jira.atlassian.com/browse/CONFSERVER-67940
containers > adp > 0 > references > 1 > tags > 0 x_refsource_MISC
containers > adp > 0 > references > 1 > tags > 1 x_transferred
containers > adp > 0 > references > 1 > url http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html
containers > adp > 1 > problemTypes > 0 > descriptions > 0 > type CWE
containers > adp > 1 > problemTypes > 0 > descriptions > 0 > cweId CWE-917
containers > adp > 1 > problemTypes > 0 > descriptions > 0 > lang en
containers > adp > 1 > problemTypes > 0 > descriptions > 0 > description CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
containers > adp > 1 > references > 0 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084
containers > adp > 1 > references > 0 > tags > 0 government-resource
containers > adp > 1 > metrics > 0 > cvssV3_1 > scope UNCHANGED
containers > adp > 1 > metrics > 0 > cvssV3_1 > version 3.1
containers > adp > 1 > metrics > 0 > cvssV3_1 > baseScore 9.8
containers > adp > 1 > metrics > 0 > cvssV3_1 > attackVector NETWORK
containers > adp > 1 > metrics > 0 > cvssV3_1 > baseSeverity CRITICAL
containers > adp > 1 > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
containers > adp > 1 > metrics > 0 > cvssV3_1 > integrityImpact HIGH
containers > adp > 1 > metrics > 0 > cvssV3_1 > userInteraction NONE
containers > adp > 1 > metrics > 0 > cvssV3_1 > attackComplexity LOW
containers > adp > 1 > metrics > 0 > cvssV3_1 > availabilityImpact HIGH
containers > adp > 1 > metrics > 0 > cvssV3_1 > privilegesRequired NONE
containers > adp > 1 > metrics > 0 > cvssV3_1 > confidentialityImpact HIGH
containers > adp > 1 > metrics > 1 > other > type ssvc
containers > adp > 1 > metrics > 1 > other > content > timestamp 2025-12-16T18:01:22.351686Z
containers > adp > 1 > metrics > 1 > other > content > id CVE-2021-26084
containers > adp > 1 > metrics > 1 > other > content > options > 0 > Exploitation active
containers > adp > 1 > metrics > 1 > other > content > options > 1 > Automatable yes
containers > adp > 1 > metrics > 1 > other > content > options > 2 > Technical Impact total
containers > adp > 1 > metrics > 1 > other > content > role CISA Coordinator
containers > adp > 1 > metrics > 1 > other > content > version 2.0.3
containers > adp > 1 > metrics > 2 > other > type kev
containers > adp > 1 > metrics > 2 > other > content > dateAdded 2021-11-03
containers > adp > 1 > metrics > 2 > other > content > reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084
containers > adp > 1 > title CISA ADP Vulnrichment
containers > adp > 1 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 1 > providerMetadata > shortName CISA-ADP
containers > adp > 1 > providerMetadata > dateUpdated 2025-12-16T18:04:05.834Z
cveMetadata > assignerOrgId f08a6ab8-ed46-4c22-8884-d911ccfe3c66
cveMetadata > assignerShortName atlassian
cveMetadata > cveId CVE-2021-26084
cveMetadata > datePublished 2021-08-30T06:30:14.248Z
cveMetadata > dateReserved 2021-01-25T00:00:00.000Z
cveMetadata > dateUpdated 2025-12-16T18:04:05.834Z
cveMetadata > state PUBLISHED
dataType CVE_RECORD
dataVersion 5.2