Severity: High (CVSS 8.7)
Affected Systems: Affected products listed by OpenCVE and the vendor advisory
Overview
syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent
A high vulnerability identified as CVE-2026-12225 has been disclosed.
syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containing specific strings such as AtlassianMobileApp or JIRA. When such a User-Agent is present, the plugin does not enforce the configured 2FA checks for protected web resources. Successful exploitation allows the attacker to access the affected Atlassian application as the compromised user without completing 2FA. If the compromised account has administrative privileges, the attacker can access administrative functionality and may disable the 2FA plugin or make arbitrary administrative changes. The issue is fixed in version 3.5.0.0.
Risk
CVSS and CISA data indicate the following:
- Review the OpenCVE and vendor advisory for exploit conditions and impact
OpenCVE Analysis
CVSS v4.0 8.7 HighCVSS v3.1 N/ACVSS v3.0 N/ACVSS v2 N/AKEV noEPSS noSSVC yes
- OpenCVE title: syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent
- Severity score: High (CVSS 8.7)
- SSVC Automatable: no
- SSVC Exploitation: none
- SSVC Technical Impact: total
- Weaknesses: CWE-288
Required Action
Review the OpenCVE detail page and linked vendor advisory, then apply the vendor-provided update or mitigation for the affected product.
Prioritize systems where the affected product is internet-facing, handles authentication, or runs with elevated privileges.
Verify Updates
Confirm whether your environment uses the affected product(s): Affected products listed by OpenCVE and the vendor advisory.
After remediation, verify the installed version against the fixed or unaffected versions listed by the vendor.
Temporary Mitigation (if patch is not available)
Use the mitigation published by the vendor. If no vendor mitigation is available, reduce exposure to the affected product, restrict access to trusted users or networks, and increase monitoring until an update can be applied.
Recommendation
- Use OpenCVE, vendor, and source references as the source of truth for affected versions and remediation
- Patch or mitigate affected products after confirming exposure in your environment
- Monitor affected systems for unusual activity until remediation is complete
Support
If you require assistance, please contact our support team.
Immediate action is strongly recommended to protect your infrastructure.
Source Details
Customer Responsibility and Backups
Before applying updates, mitigations, or configuration changes, customers should take and verify current backups or snapshots of affected systems.
Customers are responsible for managing their servers, validating their own backups, testing changes, and ensuring they can restore services if an update or mitigation causes an issue.
Tuesday, June 16, 2026
