CVE-2021-26085
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
CVSS
—
No CVSS
EPSS
99.9%
p100
KEV
YES
Mar 28, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.9%EPSS · 30 days99.9%
2026-06-302026-07-16
Product
Atlassian / Confluence Server
Vulnerability
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
Added to KEV
Mar 28, 2022
Remediate by
Apr 18, 2022
Known ransomware use
Yes
Summary description
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-26085
No related CVEs by CWE or product.