← Confluence security brief
Confluence change history
Every security, compliance, and legal-policy change Swanum has detected for Confluence — new CVEs, certification changes, and terms-of-service updates. Each entry is generated deterministically from the underlying evidence and re-checked continuously.
Jun 28, 2026
minor
cve
1 actively-exploited (CISA KEV) vulnerability: CVE-2022-26138; 11 new CVEs (published from 2005-12-03): CVE-2005-3967, CVE-2012-2928, CVE-2012-6342, CVE-2015-8398, CVE-2015-8399, CVE-2016-4317 (+5 more). Exploitation likelihood is high — EPSS 98% for CVE-2022-26138 (probability of exploitation in the next 30 days). 11 of these have no vendor fix listed yet.
Jun 23, 2026
notice
cve
19 new CVEs (published from 2005-12-03): CVE-2005-3967, CVE-2012-2926, CVE-2015-8398, CVE-2015-8399, CVE-2016-4317, CVE-2016-6283 (+13 more). Exploitation likelihood is high — EPSS 67% for CVE-2012-2926 (probability of exploitation in the next 30 days). 5 of these have no vendor fix listed yet (CVE-2005-3967, CVE-2015-8398, CVE-2015-8399, CVE-2016-4317, CVE-2016-6283).
Jun 19, 2026
minor
cve
7 actively-exploited (CISA KEV) vulnerabilities: CVE-2021-26084, CVE-2021-26085, CVE-2022-26134, CVE-2022-26138, CVE-2023-22515, CVE-2023-22518 (+1 more); 25 new CVEs (published from 2021-08-03): CVE-2021-26084, CVE-2021-26085, CVE-2021-39114, CVE-2021-43940, CVE-2022-26134, CVE-2022-26138 (+19 more). Exploitation likelihood is high — EPSS 100% for CVE-2021-26084 (probability of exploitation in the next 30 days). 2 of these have no vendor fix listed yet (CVE-2022-26138, CVE-2024-21690).
Jun 17, 2026
minor
cve
9 actively-exploited (CISA KEV) vulnerabilities: CVE-2019-3396, CVE-2019-3398, CVE-2021-26084, CVE-2021-26085, CVE-2022-26134, CVE-2022-26138 (+3 more); 25 new CVEs (published from 2019-03-25): CVE-2019-3396, CVE-2019-3398, CVE-2021-26084, CVE-2021-26085, CVE-2022-26134, CVE-2022-26138 (+19 more). Exploitation likelihood is high — EPSS 100% for CVE-2021-26084 (probability of exploitation in the next 30 days). 2 of these have no vendor fix listed yet (CVE-2022-26138, CVE-2024-21690).
Jun 16, 2026
minor
cve
9 actively-exploited (CISA KEV) vulnerabilities: CVE-2019-3396, CVE-2019-3398, CVE-2021-26084, CVE-2021-26085, CVE-2022-26134, CVE-2022-26138 (+3 more); 25 new CVEs (published from 2019-03-25): CVE-2019-3396, CVE-2019-3398, CVE-2021-26084, CVE-2021-26085, CVE-2022-26134, CVE-2022-26138 (+19 more). 2 of these have no vendor fix listed yet (CVE-2022-26138, CVE-2024-21690).
Jun 15, 2026
notice
subprocessor
36 new sub-processor(s) added: (d/b/a Bird), Amazon Web Services, Cantab Research Ltd (trading as Speechmatics), Cloudflare, Clumio, Databricks (+30 more).
Jun 15, 2026
minor
cve
9 actively-exploited (CISA KEV) vulnerabilities: CVE-2019-3396, CVE-2019-3398, CVE-2021-26084, CVE-2021-26085, CVE-2022-26134, CVE-2022-26138 (+3 more); 25 new CVEs (published from 2019-03-25): CVE-2019-3396, CVE-2019-3398, CVE-2021-26084, CVE-2021-26085, CVE-2022-26134, CVE-2022-26138 (+19 more). 2 of these have no vendor fix listed yet (CVE-2022-26138, CVE-2024-21690).