Compliance Systems has become aware of a vulnerability impacting Atlassian Confluence, which can allow for unauthenticated remote code execution. This is being tracked by Atlassian as CVE-2022-26134. Compliance Systems does use the Atlassian Cloud instance of Confluence. According to the latest Atlassian advisory notification, this instance is not vulnerable and Atlassian has found no evidence of exploitation. Additionally, Compliance Systems does not use Confluence for transactional or highly sensitive information. Our client and partner privacy and information is critical to us and we will continue to monitor the vulnerability and provide updates if circumstances change.

For details from Atlassian regarding CVE-2022-26134, please see the following:

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html