CVE-2021-26085

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint. Vendor/Product: Atlassian Confluence Server. Added to CISA KEV 2022-03-28; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2021-26085