CVE-2022-36804 · CISA KEV · EPSS p99.9%

CVE-2022-36804: Atlassian Bitbucket Server and Data Center Command Injection Vulnerability

Atlassian / Bitbucket Server and Data Center

Description

Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.

Scoring

EPSS: 99.17% probability of exploitation · percentile 99.9% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2022-09-30

(incoming) 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (kev-cve-2022-36804) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
CVE: Atlassian Confluence Data Center and Server Template Injection Vulnerability
CVE: CVE-2026-2630
CVE: CVE-2026-25848
CVE: Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
CVE: CVE-2025-10283

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.