F5 Silverline - Security Advisory - Atlassian Confluence RCE CVE-2022-26134

Dear Silverline WAF Customers,


On June 2, 2022 Atlassian disclosed a critical Remote Code Execution (RCE) vulnerability in its Confluence product, designated CVE-2022-26134.   The vulnerability is being actively exploited in the wild with POC exploits being publicly available.


Silverline WAF customers are protected against CVE-2022-26134 with several layers of existing signatures and mitigating controls:

  • Signature ID 200004474 provides protection against generic URI-based Java code injection
  • Signature IDs 200004564, 200004565, 200104761 provide protection against previously disclosed Confluence vulnerabilities for template injection and OGNL injection.
  • Server Side Code Injection signatures protect against injection of malicious code into vulnerable JSP gadgets including those seen in known exploit vectors
  • Malicious payloads such as command-injection and webshells will be detected by existing signatures


F5 Silverline threat research teams are actively monitoring the situation and will tune/adjust protections accordingly.


The Silverline network infrastructure is not exposed to this vulnerability.


More information can be found at


If you have any questions, please reach out to the Silverline SOC at +1 866 329 4253.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request