CVE-2022-26135

MEDIUM

Atlassian Jira <8.13.22, <8.20.10, <8.22.4 - SSRF


Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-26135. PoCs published by assetnote, safe3s.

Description

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.

Exploits (2)

nomisec WORKING POC 88 stars
by assetnote · poc
https://github.com/assetnote/jira-mobile-ssrf-exploit

This repository contains a functional exploit for CVE-2022-26135, an SSRF vulnerability in Jira Data Center and Server. The exploit automates the process of registering a user (if open signups are enabled) and leveraging the SSRF to send arbitrary HTTP requests to internal or external resources.

Classification: Working PoC 95%
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: Atlassian Jira Data Center and Server (versions before 8.20.3, 8.21.0, 8.22.0)
Auth required
Prerequisites: Access to a vulnerable Jira instance · Open signups or valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 11 stars
by safe3s · poc
https://github.com/safe3s/CVE-2022-26135

This repository contains a functional exploit for CVE-2022-26135, an SSRF vulnerability in Atlassian Jira and Jira Service Desk. The exploit automates user registration and leverages the SSRF to interact with internal services.

Classification: Working PoC 95%
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: Atlassian Jira < 8.20.3, Jira Service Desk < 4.20.3-REL-0018
No auth needed
Prerequisites: Target Jira/JSD instance with signup enabled · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory (x_refsource_misc): https://jira.atlassian.com/browse/JRASERVER-73863
Vendor Advisory (x_refsource_misc): https://jira.atlassian.com/browse/JSDSERVER-11840

Scores

CVSS v3: 6.5
EPSS: 0.7117
EPSS Percentile: 99.3%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-918
Status: published
Products (4):
atlassian/jira_data_center 8.0.0 - 8.13.22
atlassian/jira_server 8.0.0 - 8.13.22
atlassian/jira_service_desk 4.0.0 - 4.13.22 (2 CPE variants)
atlassian/jira_service_management 4.14.0 - 4.20.10 (2 CPE variants)
Published: Jun 30, 2022
Tracked Since: Feb 18, 2026