A zero-day vulnerability is a newly discovered software security flaw that has not yet been patched by the developers and, as a result, can be exploited. The term “zero-day” is a figurative measure of time: this type of cyberattack happens within a very short timeframe of the security flaw becoming known.
What Makes CVE-2022-26134 Important?
There is currently no patch available for the newly discovered Atlassian Confluence zero-day vulnerability that is being tracked as CVE-2022-26134.
This vulnerability is being actively exploited by hackers in order to install web shells.
Atlassian has been made aware of the current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Further details about the vulnerability are being withheld until a fix is available.
We expect that security fixes for supported versions of Confluence will begin to be available for customer download within 24 hours (estimated time, by EOD June 3 PDT).
Confluence Server and Data Center are both vulnerable to the significant unauthenticated remote code execution flaw identified as CVE-2022-26134, which Atlassian disclosed in a security advisory.
According to Atlassian, the vulnerability was verified in Confluence Server 7.18.0, and they think