PT-2022-9717 · Atlassian · Confluence
Published 2022-06-09 · Updated 2022-06-09 · CVE-2021-26134
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Atlassian Confluence versions prior to the fixed version
Description
The issue allows unauthorized attackers to create new administrator accounts, execute commands, and ultimately gain remote control of the server. Researchers have observed several botnets, including Kinsing, Hezb, and Dark.IoT, using exploits to target Linux servers running unpatched Atlassian Confluence Server and Data Center; these botnets deploy backdoors and cryptominers on the compromised hosts. Exploitation of this issue is expected to increase, since exploits for Confluence are popular among hackers.
Recommendations
For Atlassian Confluence versions prior to the fixed version, update to the fixed version as soon as possible.
As a temporary workaround, consider upgrading the JAR files on the Confluence server according to the provided instructions.
Restrict access to the Confluence server to minimize the risk of exploitation until the issue is resolved.
Related Identifiers
Affected Products
Confluence