Vulnerability identifier: #VU56249

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-26084

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 39

• March 17, 2023
  • CVE-2021-26084 (Confluence server webwork OGNL injection) [Github]
• March 13, 2023
  • CVE-2021-26084 (Confluence server webwork OGNL injection) [Github]
• October 11, 2022
  • CVE-2021-26084_Confluence (CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection 回显) [Github]
• June 8, 2022
  • Atlassian Confluence Namespace OGNL Injection [Metasploit]
• March 27, 2022
  • CVE-2021-26084 (CVE-2021-26084 - Confluence Pre-Auth RCE | OGNL injection ) [Github]
• January 16, 2022
  • CVE-2021-26084 (POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection Vulneralibity.) [Github]
• December 16, 2021
  • CVE-2021-26084 (批量检测) [Github]
• December 15, 2021
  • CVE-2021-26084 (CVE-2021-26084 Remote Code Execution on Confluence Servers) [Github]
• November 25, 2021
  • Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated) [Exploit-DB]
• October 27, 2021
  • CVE-2021-26084 (CVE-2021-26084，Atlassian Confluence OGNL注入漏洞) [Github]
• October 26, 2021
  • CVE-2021-26084 (confluence远程代码执行RCE / Code By:Jun_sheng) [Github]
• October 18, 2021
  • Atlassian Confluence WebWork OGNL Injection [Metasploit]
• October 3, 2021
  • CVE-2021-26084 () [Github]
• September 22, 2021
  • PocList (漏洞POC、EXP合集，持续更新。Apache Druid-任意文件读取（CVE-2021-36749）、ConfluenceRCE（CVE-2021-26084）、ZeroShell防火墙RCE（CVE-2019-12725）、ApacheSolr任意文件读取、蓝凌OA任意文件读取、phpStudyRCE、ShowDoc任意文件上传、原创先锋后台未授权、Kyan账号密码泄露、TerraMasterTos任意文件读取、TamronOS-IPTV系统RCE、Wayos防火墙账号密码泄露) [Github]
• September 12, 2021
  • CVE-2021-26084_Confluence (Exploit CVE 2021 26084 Confluence) [Github]
  • docker-confluence-patched (Patched Confluence 7.12.2 (CVE-2021-26084)) [Github]
  • CVE-2021-26084 (Confluence OGNL injection) [Github]
• September 9, 2021
  • Atlassian Confluence WebWork OGNL Injection [Metasploit]
• September 7, 2021
  • cve-2021-26084-confluence (A quick and dirty PoC of cve-2021-26084 as none of the existing ones worked for me.) [Github]
• September 6, 2021
  • CVE-2021-26084-Confluence-OGNL (asjhdsajdlksavksapfoka) [Github]
• September 5, 2021
  • CVE-2021-26084 (CVE-2021-26084 Confluence OGNL injection) [Github]
  • CVE-2021-26084 (Confluence OGNL Injection [CVE-2021-26084].) [Github]
  • cve_2021_26084 (cve-2021-26084 EXP) [Github]
  • confluence-rce-poc (Setting up POC for CVE-2021-26084) [Github]
• September 2, 2021
  • CVE-2021-26084 (CVE-2021-26084 - Confluence Pre-Auth RCE | OGNL injection ) [Github]
  • CVE-2021-26084 (This is exploit) [Github]
  • CVE-2021-26084 (CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)) [Github]
  • CVE-2021-26084-Nuclei-template (This nuclei template is to verify the vulnerability without executing any commands to the target machine ) [Github]
  • CVE-2021-26084 (CVE-2021-26084 Remote Code Execution on Confluence Servers, reference: https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md) [Github]
  • CVE-2021-26084 (CVE-2021-26084 Remote Code Execution on Confluence Servers) [Github]
  • CVE-2021-26084_PoC () [Github]
  • CVE-2021-26084_GoPOC (PoC of CVE-2021-26084 written in Golang based on https://twitter.com/jas502n/status/1433044110277890057?s=20) [Github]
  • CVE-2021-26084_Confluence (Confluence Server Webwork OGNL injection) [Github]
  • CVE-2021-26084 () [Github]
  • CVE-2021-26084 (批量检测) [Github]
  • CVE-2021-26084_Confluence (CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection 命令回显+一键getshell) [Github]
  • cve-2021-26084-confluence (Just run command without brain) [Github]
  • CVE-2021-26084 (Atlassian Confluence Pre-Auth RCE) [Github]
• September 1, 2021
  • Confluence_CVE-2021-26084 (Remote Code Execution on Confluence Servers : CVE-2021-26084) [Github]

Impact: Code execution

Vulnerable software:
Atlassian Confluence Server
Server applications / Web servers

Vendor: Atlassian