Atlassian Confluence ↗
Atlassian · Infrastructure
100/100 Healthy
Summary iPlain-English security verdict for Atlassian Confluence, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Atlassian Confluence currently scores 100/100 — healthy. 9 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2019-3396) — staying on the latest supported version keeps you clear of them. The latest supported release is 10.2.13. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend iNew CVEs published for Atlassian Confluence each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
⚠ 7 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2019-3396 CRITICAL ● exploited ⚠ ransomware Path traversal EPSS 94% → fixed in 6.14.2 CVE-2021-26084 CRITICAL ● exploited ⚠ ransomware CWE-917 EPSS 94% → fixed in 7.12.5 CVE-2022-26134 CRITICAL ● exploited ⚠ ransomware CWE-917 EPSS 94% → fixed in 7.17.4 CVE-2023-22518 CRITICAL ● exploited ⚠ ransomware Incorrect authorization EPSS 94% → fixed in 8.5.3 CVE-2023-22527 CRITICAL ● exploited ⚠ ransomware Injection EPSS 94% → fixed in 8.5.4 CVE-2023-22515 CRITICAL ● exploited ⚠ ransomware Improper input validation EPSS 94% → fixed in 8.5.2 CVE-2022-26138 CRITICAL ● exploited Hard-coded credentials EPSS 94% → see advisory CVE-2021-26085 MEDIUM ● exploited ⚠ ransomware CWE-425 EPSS 94% → fixed in 7.12.3 CVE-2019-3398 HIGH ● exploited Path traversal EPSS 94% → fixed in 6.15.2 CVE-2024-21683 HIGH Code injection EPSS 94% → fixed in 8.5.11 CVE-2019-3394 HIGH Path traversal EPSS 76% → fixed in 6.15.8 CVE-2012-2926 CRITICAL EPSS 65% → fixed in 4.1.10Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Atlassian Confluence release line is supported — and when it sunsets.
10.2 latest 10.2.13 Supported until 2027-12-02
10.1 latest 10.1.2 Supported until 2027-10-07
10.0 latest 10.0.3 Supported until 2027-08-05
9.5 latest 9.5.4 Supported until 2027-06-04
9.4 latest 9.4.1 Supported until 2027-04-01
9.3 latest 9.3.2 Supported until 2027-02-04
9.2 latest 9.2.21 Supported until 2026-12-10
9.1 latest 9.1.1 Supported until 2026-10-03
9.0 latest 9.0.3 Supported until 2026-07-30
8.9 latest 8.9.8 End of life ended 2026-04-02
See all upcoming end-of-life dates →