CVE-2022-26138CISA KEVEPSS p99.9%

CVE-2022-26138Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

Atlassian / Confluence

Description

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

Scoring

EPSS98.17% probability of exploitation · percentile 99.9% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2022-07-29

(incoming)1

TypeTargetConfidenceTier
KEVEntryAtlassian Questions For Confluence App Hard-coded Credentials Vulnerabilitykev-cve-2022-261380%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
CVE
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
CVE
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
CVE
Atlassian Confluence Data Center and Server Template Injection Vulnerability
CVE
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
CVE
Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.