CVE-2022-26134

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 17 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

94.41%

probability

This CVE has a 94.41% probability of being exploited in the next 30 days.

0% Top 100.0th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Unauthenticated Remote Code Execution

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77 · Command Injection CWE-917 · Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Google Project Zero

Discovered

May 31, 2022

Patched

June 3, 2022

Reported by

Volexity

Root Cause Analysis

???

Exploits & PoC

W01fh4cker/Serein

【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCM

1245

jbaines-r7/through_the_wire

CVE-2022-26134 Proof of Concept

171

hev0x/CVE-2022-26134

Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)

crowsec-edtech/CVE-2022-26134

CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL injection

nxtexploit/CVE-2022-26134

Atlassian Confluence (CVE-2022-26134) - Unauthenticated Remote code execution (RCE)

SNCKER/CVE-2022-26134

[CVE-2022-26134]Confluence OGNL expression injected RCE with sandbox bypass.

SIFalcon/confluencePot

Simple Honeypot for Atlassian Confluence (CVE-2022-26134)

AmoloHT/CVE-2022-26134

「💥」CVE-2022-26134 - Confluence Pre-Auth RCE

whokilleddb/CVE-2022-26134-Confluence-RCE

Exploit for CVE-2022-26134: Confluence Pre-Auth Remote Code Execution via OGNL Injection

9 repos — triés par ⭐ Rechercher sur GitHub ↗

Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild

TheHackerNews

Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability

TheHackerNews

Atlassian fixes Confluence zero-day widely exploited in attacks

BleepingComputer Jun 03, 2022

Critical Atlassian Confluence zero-day actively used in attacks

BleepingComputer Jun 02, 2022

Defense Lessons From the Black Basta Ransomware Playbook

Qualys Feb 25, 2025

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

TheHackerNews

Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect

Tenable-Research May 27, 2026

NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

Qualys Oct 07, 2022

Security Advisory 2022-040

CERT-EU Jun 03, 2022

Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage

TheHackerNews

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

TheHackerNews

From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

TheHackerNews Nov 07, 2025

Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws

BleepingComputer Jun 14, 2022

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

TheHackerNews

Sophos Firewall zero-day bug exploited weeks before fix

BleepingComputer Jun 16, 2022

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

TheHackerNews

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

TheHackerNews

Signal Intelligence

Confidenceⓘ

92%

EPSS 94.41%

Mentions 17

Last Seen May 27, 2026

CNA Information

Analyst Note

CVE-2022-26134 is a critical unauthenticated OGNL injection vulnerability in Confluence with CVSS 9.8, confirmed by CERT-EU security advisory and referenced in threat intelligence reporting on active exploitation by Chinese threat actors. The presence in Google Project Zero and documented real-world targeting provides strong corroboration for the confirmed status.