We want to share this update regarding the critical Confluence 0-day vulnerability (CVE-2022-26134).

On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution (RCE) vulnerability. Exploits are already publicly available and we expect this vulnerability to be heavily exploited in the wild.

We tested Wallarm’s attack detection against the known exploit and confirmed that exploitation attempted are successfully detected and blocked. No further actions are required.

To mitigate the vulnerability when working in a monitoring mode, it’s recommended to create a virtual patch rule based on Confluence recommendation. This rule will block any requests that contain a string ${ in the URI.

You can create the rule by yourself using the example below or contact our support team in case you want us to create the rule. The regex: [$][{]

Feel free to reach out to support@wallarm.com if you need assistance.

Further updates will be published in Wallarm Changelog: https://changelog.wallarm.com