Known Vulnerabilities for Confluence by Atlassian
Listed below are 10 of the newest known vulnerabilities associated with "Confluence" by "Atlassian".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-27825 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0,... | Not Provided | 2026-03-10 | 2026-03-10 |
| CVE-2021-37412 | The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar. | 6.1 - MEDIUM | 2021-09-15 | 2023-01-24 |
| CVE-2021-26085 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization ... | 5.3 - MEDIUM | 2021-08-03 | 2023-08-08 |
| CVE-2021-26084 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthe... | 9.8 - CRITICAL | 2021-08-30 | 2023-08-08 |
| CVE-2021-26072 | The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to m... | 4.3 - MEDIUM | 2021-04-01 | 2022-07-27 |
| CVE-2020-29450 | Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availabil... | 6.5 - MEDIUM | 2021-01-19 | 2022-08-30 |
| CVE-2020-29448 | The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from ... | 5.3 - MEDIUM | 2021-02-22 | 2022-07-27 |
| CVE-2020-29445 | Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify intern... | 4.3 - MEDIUM | 2021-05-07 | 2022-05-13 |
| CVE-2020-29444 | Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript ... | 5.4 - MEDIUM | 2021-05-07 | 2022-07-27 |
| CVE-2020-14175 | Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScrip... | 5.4 - MEDIUM | 2020-07-24 | 2022-07-27 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Confluence | 7.6.1 | All | All | All |
| Application | Atlassian | Confluence | 7.6 | All | All | All |
| Application | Atlassian | Confluence | 7.5.2 | All | All | All |
| Application | Atlassian | Confluence | 7.5.1 | All | All | All |
| Application | Atlassian | Confluence | 7.5.0 | All | All | All |
| Application | Atlassian | Confluence | 7.4.2 | All | All | All |
| Application | Atlassian | Confluence | 7.4.1 | All | All | All |
| Application | Atlassian | Confluence | 7.4 | All | All | All |
| Application | Atlassian | Confluence | 7.3.5 | All | All | All |
| Application | Atlassian | Confluence | 7.3.4 | All | All | All |
| Application | Atlassian | Confluence | 7.3.3 | All | All | All |
| Application | Atlassian | Confluence | 7.3.2 | All | All | All |
| Application | Atlassian | Confluence | 7.3.1 | All | All | All |
| Application | Atlassian | Confluence | 7.3 | All | All | All |
| Application | Atlassian | Confluence | 7.2.2 | All | All | All |
| Application | Atlassian | Confluence | 7.2.1 | All | All | All |
| Application | Atlassian | Confluence | 7.2.0 | All | All | All |
| Application | Atlassian | Confluence | 7.1.2 | All | All | All |
| Application | Atlassian | Confluence | 7.1.1 | All | All | All |
| Application | Atlassian | Confluence | 7.1.0 | All | All | All |