Software company Atlassian issued an advisory on 2 June concerning a previously unknown critical vulnerability (CVE-2022-26134), a so-called zero-day. The vulnerability affects all supported versions of Atlassian Confluence Server and Confluence Data Center. According to Atlassian, Atlassian Cloud is not affected. NCSC-NL published an advisory, rating the vulnerability as High/High. No patch is currently available.
The vulnerability allows an unauthenticated actor to remotely execute code and access sensitive information within the scope of the system. It is likely that all versions are vulnerable, although Atlassian still needs to identify the earliest affected version. Proof-of-concept code is not publicly available.