Back to KEVs

CVE-2021-26084

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 25, 2021
Published Date
August 30, 2021
Last Updated
February 04, 2025
Vendor
Atlassian
Product
Confluence Server, Confluence Data Center
Description
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
Tags
cisa malware ransomware nuclei_scanner metasploit_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-10 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2021-09-02 07:05:23 UTC) Source
Used in Malware
Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://jira.atlassian.com/browse/CONFSERVER-67940 http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_webwork_ognl_injection.rb 2025-04-29 11:01:20 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26084.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

atlassian_confluence_webwork_ognl_injection

Type: metasploit • Created: Unknown

Metasploit module for CVE-2021-26084

ZZ-SOCMAP/CVE-2021-26084

Type: github • Created: 2022-01-13 06:29:51 UTC • Stars: 8

POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection Vulneralibity.

lleavesl/CVE-2021-26084

Type: github • Created: 2021-10-26 06:01:38 UTC • Stars: 7

CVE-2021-26084,Atlassian Confluence OGNL注入漏洞

orangmuda/CVE-2021-26084

Type: github • Created: 2021-10-06 23:24:24 UTC • Stars: 4

CVE-2021-26084 - Confluence Server Webwork OGNL injection

ludy-dev/CVE-2021-26084_PoC

Type: github • Created: 2021-09-18 07:33:24 UTC • Stars: 3

[CVE-2021-26084] Confluence pre-auth RCE test script

attacker-codeninja/CVE-2021-26084

Type: github • Created: 2021-09-09 09:29:24 UTC • Stars: 0

Confluence OGNL injection

1ZRR4H/CVE-2021-26084

Type: github • Created: 2021-09-07 01:15:16 UTC • Stars: 30

Atlassian Confluence CVE-2021-26084 one-liner mass checker

smadi0x86/CVE-2021-26084

Type: github • Created: 2021-09-05 09:27:55 UTC • Stars: 6

Confluence server webwork OGNL injection

Loneyers/CVE-2021-26084

Type: github • Created: 2021-09-03 07:41:36 UTC • Stars: 3

CVE-2021-26084 Confluence OGNL injection

maskerTUI/CVE-2021-26084

Type: github • Created: 2021-09-02 07:05:23 UTC • Stars: 0

This is exploit

taythebot/CVE-2021-26084

Type: github • Created: 2021-09-01 15:19:19 UTC • Stars: 8

CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)

b1gw00d/CVE-2021-26084

Type: github • Created: 2021-09-01 14:16:29 UTC • Stars: 0

批量检测

CrackerCat/CVE-2021-26084

Type: github • Created: 2021-09-01 13:20:13 UTC • Stars: 0

Atlassian Confluence Pre-Auth RCE

Vulnmachines/Confluence_CVE-2021-26084

Type: github • Created: 2021-09-01 12:19:53 UTC • Stars: 9

Remote Code Execution on Confluence Servers : CVE-2021-26084

0xf4n9x/CVE-2021-26084

Type: github • Created: 2021-09-01 09:50:26 UTC • Stars: 69

CVE-2021-26084 Remote Code Execution on Confluence Servers

hev0x/CVE-2021-26084_Confluence

Type: github • Created: 2021-09-01 07:15:17 UTC • Stars: 309

Confluence Server Webwork OGNL injection

dinhbaouit/CVE-2021-26084

Type: github • Created: 2021-09-01 00:50:30 UTC • Stars: 54

alt3kx/CVE-2021-26084_PoC

Type: github • Created: 2021-08-31 23:33:44 UTC • Stars: 54

crowsec-edtech/CVE-2021-26084

Type: github • Created: 2021-08-31 16:33:32 UTC • Stars: 21

CVE-2021-26084 - Confluence Pre-Auth RCE | OGNL injection

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Exploit Used in Malware

  • Added to KEVIntel

  • Detected by Nuclei

  • Detected by Metasploit