CVE-2021-26085CISA KEVEPSS p100.0%

CVE-2021-26085Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

Atlassian / Confluence Server

Description

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

Scoring

EPSS99.94% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2022-03-28

(incoming)1

TypeTargetConfidenceTier
KEVEntryAtlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerabilitykev-cve-2021-260850%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
CVE
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
CVE
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
CVE
Atlassian Jira Server and Data Center Path Traversal Vulnerability
CVE
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
CVE
Atlassian Confluence Server and Data Center Path Traversal Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.