{"uuid": "61029932-6f27-4c52-89cd-22664b4f4621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26138", "type": "published-proof-of-concept", "source": "https://t.me/CVEhub/120", "content": "\ud83d\udc7eCVE SERVICE \ud83c\udff7#CVE\nMumber: CVE-2022-26138\nGithub: https://github.com/Daro1967/CVE-2022-26138-RCE\nDescribe: \nThe Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.", "creation_timestamp": "2026-07-18T18:00:04.047853Z"}