Subscribe

Hackers Actively Exploit New Atlassian Confluence Zero-day Flaw

June 3, 2022

A new Atlassian Confluence zero-day vulnerability, known as CVE-2022-26134, is actively exploited by hackers to install web shells.

A security update released by Atlassian described the vulnerability as a critical, unauthorized RCE bug that was detected in both the Confluence Server and the Data Center.

The bug has been confirmed in Confluence Server 7.18.0. Confluence Server and Data Center 7.4.0 and higher are also vulnerable.

Atlassian is working on a patch to fix the vulnerability, but the company has advised customers to make their servers inaccessible. To do this, the company recommended users use one of two methods, which include restricting Confluences Server and Data Center instances from the internet or disabling Confluence Server and Data Center instances.

The vulnerability was discovered by researchers from the cybersecurity firm Volexity. The breach analyzed by Volexity saw threat actors install BEHINDER, a JSP web shell that allows them to remotely execute commands on the compromised server.

Since no patches are available, Volexity advise Confluence admins to disconnect their servers from the internet until Atlassian release releases a fix to address the vulnerability.

The sources for the flaw include an article in BleepingComputer.

Top Stories

Snap unveils first consumer AR glasses priced at more than $2,000

Key U.S. data center law faces expiration with no replacement in sight

Starlink introduces $10 monthly hardware rental fee

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

Meta faces backlash after facial recognition code found in smart glasses app

Apple reportedly taps Google Gemini and Nvidia Blackwell Chips for new Siri

Related Articles

Robotiq launches AI platform to speed up robot deployment in factories

June 16, 2026 Quebec City-based robotics company Robotiq has launched an AI-powered platform called IQ to accelerate the deployment of more...

Snap unveils first consumer AR glasses priced at more than $2,000

June 16, 2026 Snap has introduced its first augmented reality glasses designed for consumers, marking the company’s most ambitious hardware more...

France drops Palantir, chooses local firm for domestic intelligence operations

June 16, 2026 France’s domestic intelligence service is ending its long-standing relationship with U.S. surveillance technology company Palantir. The General more...

Reddit moderators say companies are using fake posts to influence AI search results

June 11, 2026 Moderators of the popular r/Biohackers subreddit say companies are increasingly using Reddit discussions to influence how AI more...

Picture of TND Newsdesk

TND Newsdesk

Picture of TND Newsdesk

TND Newsdesk

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn