CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 25, 2021
- Published Date
- August 30, 2021
- Last Updated
- February 04, 2025
- Vendor
- Atlassian
- Product
- Confluence Server, Confluence Data Center
- Description
- In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVSS Scores
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_webwork_ognl_injection.rb | 2025-04-29 11:01:20 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26084.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
atlassian_confluence_webwork_ognl_injection
Type: metasploit • Created: Unknown
ZZ-SOCMAP/CVE-2021-26084
Type: github • Created: 2022-01-13 06:29:51 UTC • Stars: 8
lleavesl/CVE-2021-26084
Type: github • Created: 2021-10-26 06:01:38 UTC • Stars: 7
orangmuda/CVE-2021-26084
Type: github • Created: 2021-10-06 23:24:24 UTC • Stars: 4
ludy-dev/CVE-2021-26084_PoC
Type: github • Created: 2021-09-18 07:33:24 UTC • Stars: 3
attacker-codeninja/CVE-2021-26084
Type: github • Created: 2021-09-09 09:29:24 UTC • Stars: 0
1ZRR4H/CVE-2021-26084
Type: github • Created: 2021-09-07 01:15:16 UTC • Stars: 30
smadi0x86/CVE-2021-26084
Type: github • Created: 2021-09-05 09:27:55 UTC • Stars: 6
Loneyers/CVE-2021-26084
Type: github • Created: 2021-09-03 07:41:36 UTC • Stars: 3
maskerTUI/CVE-2021-26084
Type: github • Created: 2021-09-02 07:05:23 UTC • Stars: 0
taythebot/CVE-2021-26084
Type: github • Created: 2021-09-01 15:19:19 UTC • Stars: 8
b1gw00d/CVE-2021-26084
Type: github • Created: 2021-09-01 14:16:29 UTC • Stars: 0
CrackerCat/CVE-2021-26084
Type: github • Created: 2021-09-01 13:20:13 UTC • Stars: 0
Vulnmachines/Confluence_CVE-2021-26084
Type: github • Created: 2021-09-01 12:19:53 UTC • Stars: 9
0xf4n9x/CVE-2021-26084
Type: github • Created: 2021-09-01 09:50:26 UTC • Stars: 69
hev0x/CVE-2021-26084_Confluence
Type: github • Created: 2021-09-01 07:15:17 UTC • Stars: 309
dinhbaouit/CVE-2021-26084
Type: github • Created: 2021-09-01 00:50:30 UTC • Stars: 54
alt3kx/CVE-2021-26084_PoC
Type: github • Created: 2021-08-31 23:33:44 UTC • Stars: 54
crowsec-edtech/CVE-2021-26084
Type: github • Created: 2021-08-31 16:33:32 UTC • Stars: 21