How severe is CVE-2021-26085?

CVE-2021-26085 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2021-26085

Name: confluence_server
Author: atlassian

5.3MEDIUM

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected version

Publicado: 8/3/2021Actualizado: 10/24/2025

Vulnerabilidad Explotada Conocida (CISA)

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

Acción Requerida:

Apply updates per vendor instructions.

Fecha Límite:

2022-04-18

Uso de Ransomware Conocido

Descripción

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Análisis IAImpulsado por IA

Productos Afectados

atlassianconfluence_data_center

atlassianconfluence_server

Vulnerabilidad Explotada Conocida (CISA)

Descripción

Análisis IAImpulsado por IA

Productos Afectados

Exploits Disponibles (1)

Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read

Referencias