CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26085

Known Exploited (CISA KEV)MEDIUM
5.3
CVSS Severity Score
EPSS Score88.8890%
EPSS Percentile91.18th
PublishedAug 3, 2021
Last ModifiedOct 24, 2025

Vulnerability Description

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Affected Platforms (CPE)

πŸ“¦
Atlassian

Confluence Data Center

< 7.4.10
πŸ“¦
Atlassian

Confluence Data Center

>= 7.5.0 and < 7.12.3
πŸ“¦
Atlassian

Confluence Server

< 7.4.10
πŸ“¦
Atlassian

Confluence Server

>= 7.5.0 and < 7.12.3

References & Advisories

πŸ”— http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html
πŸ”— https://jira.atlassian.com/browse/CONFSERVER-67893
πŸ”— http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html
πŸ”— https://jira.atlassian.com/browse/CONFSERVER-67893
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26085

Related Vulnerabilities

CVE-2021-260849.8

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthentica...

CVE-2019-33969.8

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 ...

CVE-2019-33959.8

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from versio...

CVE-2019-33988.8

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who...