In June 2022, Avertium published a Flash Notice regarding a remote code execution (RCE) vulnerability found in the collaboration tool of Atlassian Confluence. The vulnerability is tracked as CVE-2022-26134 and impacts all versions of Confluence Server and Confluence Data Center.  

Although Atlassian released updates for the vulnerability in June 2022, attackers are still compromising unpatched devices. Trend Micro discovered that the gap in security is being abused by attackers for malicious cryptocurrency mining. If left unpatched, an attacker could use CVE-2022-26134 for multiple attacks, such as domain takeover and the deployment of information stealers, remote access trojans, and ransomware.  

If you have not already done so, Atlassian recommends that you patch all Confluence and Data Center servers immediately by following their instructions, which you can find here. If you are unable to patch your servers, Atlassian has issued mitigations for Confluence 7.0.0 through version 7.18.0, which you can find here. The same recommendations from June 2022 still apply. 



New INDICATOR'S OF COMPROMISE (IOCS):[.txt][.txt][_64][ko][.sh][.sh][curl][kik]  







Supporting documentation

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware (trendmicro.com) 






Related Reading: Atlassian Confluence Critical Hardcoded Password Vulnerability Under Active Exploitation


Contact us for more information about Avertium’s managed security service capabilities. 

Chat With One of Our Experts

Vulnerability Flash Notice Confluence Server Atlassian Hardcoded Password Vulnerability Blog