CVE-2022-36804
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 20, 2026
3 articles
EPSS Score
Source: FIRST.org · 2026-05-24
94.39%
probability
This CVE has a 94.39% probability
of being exploited in the next 30 days.
0%
Top 100.0th percentile of all CVEs
100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
View on VulnerabilityLookup ↗
Attack Intelligence
Exploits & PoC
notdls/CVE-2022-36804
A real exploit for BitBucket RCE CVE-2022-36804
35
notxesh/CVE-2022-36804-PoC
Multithreaded exploit script for CVE-2022-36804 affecting BitBucket versions <8.3.1
18
benjaminhays/CVE-2022-36804-PoC-Exploit
Somewhat Reliable PoC Exploit for CVE-2022-36804 (BitBucket Critical Command Injection)
16
SystemVll/CVE-2022-36804
A loader for bitbucket 2022 rce (cve-2022-36804)
12
walnutsecurity/cve-2022-36804
A critical command injection vulnerability was found in multiple API endpoints of the Atlassian Bit bucket Server and Data center. This vulnerability
8
tahtaciburak/cve-2022-36804
A simple PoC for Atlassian Bitbucket RCE [CVE-2022-36804]
7
kljunowsky/CVE-2022-36804-POC
Bitbucket CVE-2022-36804 unauthenticated remote command execution
7
Chocapikk/CVE-2022-36804-ReverseShell
PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)
3
8 repos — triés par ⭐
Rechercher sur GitHub ↗
Signal Intelligence
Confidence
85%
EPSS
94.39%
Mentions
3
Last Seen
Sep 13, 2022
CNA Information
Analyst Note
CVE-2022-36804 is a critical Atlassian Bitbucket command injection vulnerability (CVSS 9.9) with documented active exploitation in the wild. CISA added it to the KEV catalog citing evidence of active exploitation, and the September 2022 Patch Tuesday article indicates it was among zero-day vulnerabilities addressed, consistent with exploitation occurring before or concurrent with patch availability.
Triage Info
Decided atMar 20, 2026