.. / CVE-2022-26134

Exploit for Confluence - Remote Code Execution (CVE-2022-26134)

Description:

Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.

Nuclei Template

View the template here CVE-2022-26134.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-26134.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-26134
https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://jira.atlassian.com/browse/CONFSERVER-79016
http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html
https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis