Confluence SSTI via Widget Connector macro — unauthenticated RCE exploited in the wild within days of disclosure. Apply patches immediately and restrict which macro plugins are enabled. Atlassian products are a priority target for APT groups seeking enterprise access.
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12, 6.12.x before 6.12.3, 6.13.x before 6.13.3, and 6.14.x before 6.14.2 allows remote attackers to achieve path traversal and remote code execution via Server Side Template Injection.
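A defender's inventory check for the version ranges above, as an added example that is not part of the original page: it classifies Confluence Server versions strictly by the ranges as this page words them. The host names and sample inventory are constructed, and release lines the wording does not name (for example 6.7 through 6.11) are reported as `unlisted` for checking against the vendor advisory rather than assumed safe.

```python
import re

# First fixed version per release line, as worded on this page.
FIXED_IN_LINE = {(6, 12): (6, 12, 3), (6, 13): (6, 13, 3), (6, 14): (6, 14, 2)}
BASELINE_FIX = (6, 6, 12)  # everything before this version is affected


def parse_version(text):
    """Parse 'major.minor[.patch]'; build suffixes such as '-m01' are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'unlisted' for one version string."""
    v = parse_version(text)
    if v < BASELINE_FIX:
        return "affected"
    if v[:2] == (6, 6):
        return "fixed"  # 6.6.12 or a later 6.6.x release
    fix = FIXED_IN_LINE.get(v[:2])
    if fix is None:
        return "unlisted"  # release line not named in the page's ranges
    return "affected" if v < fix else "fixed"


def triage(inventory):
    """Group a {host: version} inventory by status, hosts sorted by name."""
    report = {"affected": [], "fixed": [], "unlisted": [], "unparsed": []}
    for host, version in inventory.items():
        try:
            report[classify(version)].append(host)
        except ValueError:
            report["unparsed"].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts, not from the page).
SAMPLE = {
    "wiki-a.example.internal": "6.6.11",
    "wiki-b.example.internal": "6.12.3",
    "wiki-c.example.internal": "6.14.1",
    "wiki-d.example.internal": "6.9.0",
    "wiki-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as `unparsed` or `unlisted` need a manual look; only `fixed` means the version is at or past a fix named on this page.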