CVSS 3.1 Score 9.8 of 10 (high)


Published Aug 30, 2021
Updated: Aug 8, 2023
CWE ID 917


CVE-2021-26084 is an OGNL injection vulnerability that affects Confluence Server and Data Center. The vulnerability allows an unauthenticated attacker to execute arbitrary code on affected instances. Versions before 6.13.23, between 6.14.0 and 7.4.11, between 7.5.0 and 7.11.6, and between 7.12.0 and 7.12.5 are affected by this vulnerability. To remediate it, organizations should update their Confluence Server or Data Center instances to a version that is not affected by the vulnerability, as recommended by Atlassian's vendor advisory (link: This vulnerability has a high base severity rating of CRITICAL, with a base score of 9.8 according to NIST's National Vulnerability Database (NVD). The exploitation of this vulnerability can result in high impacts on integrity and confidentiality, with a potential danger to organizations' security.

Note: This summary is based on the provided information and does not include any additional analysis or interpretation of the vulnerability's impact or severity beyond what is stated in the sources provided

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2021-26084 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options