Atlassian Confluence Vulnerability Allows Code Execution

CERT-Bund has released a security advisory (WID-SEC-2026-0767) concerning a critical vulnerability in Atlassian Confluence Data Center and Server products. The vulnerability, with a CVSS Base Score of 7.5, allows authenticated remote attackers to execute arbitrary code. Affected versions include Confluence Data Center and Server instances earlier than 10.2.7, 9.2.15, and 9.0.2.

Organizations using vulnerable versions of Atlassian Confluence must apply available mitigations or update to patched versions to prevent exploitation. The advisory indicates that mitigation is available, and users should consult the provided links for specific instructions and version history. Failure to address this vulnerability could lead to unauthorized code execution and potential compromise of systems running on Linux, UNIX, or Windows operating systems.