Confluence SSTI via Widget Connector macro — unauthenticated RCE exploited in the wild within days of disclosure. Apply patches immediately and restrict which macro plugins are enabled. Atlassian products are a priority target for APT groups seeking enterprise access.
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12, 6.12.x before 6.12.3, 6.13.x before 6.13.3, and 6.14.x before 6.14.2 allows remote attackers to achieve path traversal and remote code execution via Server Side Template Injection.
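The version ranges above can be checked against an inventory of Confluence Server instances. The following is an added example, not code from Atlassian or from this page; the host names and version strings are constructed, and branches the text above does not name (6.7 through 6.11) are reported as `unlisted` rather than guessed.

```python
import re

# Fixed release per branch, exactly as listed in the advisory text above.
FIXED = {(6, 6): (6, 6, 12), (6, 12): (6, 12, 3),
         (6, 13): (6, 13, 3), (6, 14): (6, 14, 2)}


def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple of three ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def classify(version):
    """Return 'affected', 'fixed' or 'unlisted' for a Confluence Server version."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return "affected" if v < FIXED[branch] else "fixed"
    if v < FIXED[(6, 6)]:
        return "affected"          # everything before 6.6.12
    if branch > max(FIXED):
        return "fixed"             # newer than every listed branch
    return "unlisted"              # branch not named above: check the vendor advisory


def triage(inventory):
    """Map each host to a status; malformed versions become 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts).
    sample = {"wiki-prod": "6.12.2", "wiki-dr": "6.12.3", "wiki-old": "5.10.8",
              "wiki-lab": "6.9.0", "wiki-new": "6.15.1", "wiki-x": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host:10} {sample[host]:8} {status}")
```

Hosts reported as `affected` are the ones to patch first; `unlisted` and `unparseable` entries need a manual check against the vendor advisory.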