KEVIntel
CVSS 5.3 (Medium)

CVE-2021-26085

PUBLISHED


Exploited in the wild · Used in malware · Remote · Low complexity · No user interaction
Vendor: Atlassian
Product: Confluence Server, Confluence Data Center
Published: Aug 03, 2021
EPSS

Description

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Tags: cisa, malware, ransomware, nuclei_scanner

CVSS scores

CVSS v3.1 5.3 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2.0 5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2022-03-28 00:00:00 UTC · Source

Used in malware

Recorded 2022-03-28 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source: CISA · Added: Mar 28, 2022

Scanner integrations

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

ColdFusionX/CVE-2021-26085

github · Created 2021-10-05 08:20:25 UTC · 14 stars

Atlassian Confluence Server 7.5.1 Pre-Authorization Arbitrary File Read vulnerability (CVE-2021-26085)

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Exploit Used in Malware

  • Added to KEVIntel

  • Detected by Nuclei