USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. 

US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.

Government experts are aware of the ongoing mass exploitation of the CVE-2021-26084 flaw and believe it could rapidly accelerate.

#ActionRequired patch immediately!

— U.S. Cyber Command (@US_CYBERCOM) September 3, 2021

Threat actors started exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. At the time of this writing, experts only observed threat actors exploiting the issue to deliver cryptocurrency miners, but attackers could start exploiting them to deliver other malware, including ransomware.

Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product.

The flaw is an OGNL injection issue that can be exploited by an authenticated attacker to

Read the article