CVE-2023-22527 – RCE in Atlassian Confluence Through OGNL Injection

In January 2024 Atlassian disclosed CVE-2023-22527, a critical (CVSS 10.0) remote code execution vulnerability in Confluence Data Center and Confluence Server. Atlassian classifies it as a template injection: attacker-controlled input reaches a server-side Velocity template and from there the OGNL (Object-Graph Navigation Language) evaluator, a well-worn attack surface in Java web applications. By sending a crafted HTTP request to a vulnerable endpoint, an unauthenticated attacker can have arbitrary OGNL expressions evaluated, which leads directly to code execution with the privileges of the Confluence service account.

What made this CVE especially dangerous is that it is pre-auth: no account, no session, just a request to an exposed server. The affected releases are 8.0.0 through 8.5.3; Atlassian fixed the issue in 8.5.4 (LTS) and in 8.6.0 and 8.7.1 (and later), and the older 7.19.x LTS line is not affected. The fix shipped quickly, but the only remediation is upgrading, and many self-hosted instances stayed on out-of-date 8.x builds long after the advisory.

OGNL injection is powerful because the expression language exposes live Java objects: an attacker can read files, spawn a shell through the runtime, or pivot to other services reachable from the application server. In a red team or bug bounty engagement, recon should start with version fingerprinting (Confluence reports its version in page metadata and in the page footer) and a check against the affected range. The publicly documented request vector for this CVE targets Velocity templates served under /template/, such as /template/aui/text-inline.vm; the /pages/doenterpagevariables.action endpoint belongs to an earlier Confluence OGNL bug (CVE-2021-26084), so do not confuse the two when probing. If you find an OGNL evaluation vector, test carefully and only with authorization: use a harmless canary expression rather than a command-execution payload, because exploitation can crash the instance or trip alerting. On the defensive side, requests to these templates carrying OGNL syntax in a parameter are a strong detection signal worth alerting on. This CVE is a textbook case of why an expression parser should never be reachable from untrusted input.
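The recon and detection steps described above, as an added example that is not part of the original article or of any Atlassian code. It assumes (not from the page) that Confluence exposes its version in an `ajs-version-number` meta tag and in the "Powered by Atlassian Confluence" footer, takes the affected range 8.0.0 to 8.5.3 from Atlassian's advisory, and treats a request to a Velocity template under /template/ with OGNL syntax in the `label` parameter as suspicious. The HTML and access-log lines are constructed samples.

```python
"""Recon and detection helpers for CVE-2023-22527 triage (added example).

Assumptions, none taken from the source article:
  - Confluence pages carry <meta name="ajs-version-number" content="X.Y.Z">
    and a "Powered by Atlassian Confluence X.Y.Z" footer; both are parsed.
  - Affected range per Atlassian's advisory: 8.0.0 through 8.5.3. 8.5.4 (LTS),
    8.6.0 and 8.7.1+ are fixed; the 7.19.x LTS line is not affected.
  - Detection heuristic: a request to a .vm template under /template/ whose
    'label' query parameter contains OGNL syntax. Access logs only show the
    query string, so a parameter sent in a POST body needs WAF/request logs.
"""
import re
from urllib.parse import parse_qs, urlsplit

VERSION_META_RE = re.compile(
    r'<meta\s+name="ajs-version-number"\s+content="([\d.]+)"', re.I)
VERSION_FOOTER_RE = re.compile(r'Atlassian Confluence\s+([\d.]+)', re.I)

# OGNL syntax that has no business in a UI label string (heuristic, assumption).
OGNL_MARKERS = ("#", "${", "\\u0027", "getRuntime", "getClass")

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+HTTP/[\d.]+"')

# Constructed sample page: what a fingerprinting request might return.
SAMPLE_HTML = """<html><head>
<meta name="ajs-version-number" content="8.5.3">
</head><body>Powered by Atlassian Confluence 8.5.3</body></html>"""

# Constructed access-log lines in combined log format (not real traffic).
LOG_LINES = [
    '10.0.0.5 - - [16/Jan/2024:10:01:02 +0000] "GET /login.action HTTP/1.1" 200 5120',
    '10.0.0.5 - - [16/Jan/2024:10:01:04 +0000] '
    '"GET /template/aui/text-inline.vm?label=Save HTTP/1.1" 200 120',
    '203.0.113.9 - - [16/Jan/2024:10:01:07 +0000] '
    '"POST /template/aui/text-inline.vm?label=%5Cu0027%2B%23x HTTP/1.1" 200 312',
]


def parse_confluence_version(html):
    """Return the Confluence version string found in page HTML, or None."""
    for rx in (VERSION_META_RE, VERSION_FOOTER_RE):
        m = rx.search(html)
        if m:
            return m.group(1)
    return None


def _vtuple(version):
    """'8.5' -> (8, 5, 0) so short version strings compare sanely."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(version):
    """True if the version falls in the advisory's affected range 8.0.0..8.5.3."""
    v = _vtuple(version)
    return (8, 0, 0) <= v[:3] <= (8, 5, 3)


def is_suspicious_request(target):
    """Flag a request target that hits a /template/*.vm with OGNL in 'label'."""
    parts = urlsplit(target)
    if not (parts.path.startswith("/template/") and parts.path.endswith(".vm")):
        return False
    values = parse_qs(parts.query).get("label", [])  # parse_qs URL-decodes
    return any(marker in v for v in values for marker in OGNL_MARKERS)


def flag_suspicious_requests(log_lines):
    """Return the request targets in access-log lines that match the heuristic."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious_request(m.group("target")):
            hits.append(m.group("target"))
    return hits


if __name__ == "__main__":
    ver = parse_confluence_version(SAMPLE_HTML)
    print(f"version {ver}: affected={is_affected(ver)}")
    for hit in flag_suspicious_requests(LOG_LINES):
        print("suspicious request:", hit)
```

The version check is the cheap, non-intrusive half of recon: it tells you whether a host is even worth a probe before you send anything to the template endpoint. The log heuristic is deliberately narrow (template path plus OGNL syntax in one parameter) so it stays quiet on legitimate UI traffic; widen the marker list or the parameter set only once you have looked at what your own instance's normal requests to /template/ look like.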