CVE-2026-27825 - Vulnerability Analysis
CriticalCVSS: 9.0Last Updated: March 11, 2026
MCP Atlassian - Command Injection
Overview
MCP Atlassian < 0.17.0 contains a command injection caused by lack of directory boundary enforcement in confluence_download_attachment tool, letting attackers with access to upload attachments execute arbitrary code, exploit requires ability to call the tool and upload malicious attachments.
Severity & Score
Impact
Attackers can execute arbitrary code by writing malicious files to writable paths, potentially leading to full system compromise.
Mitigation
Upgrade to version 0.17.0 or later.
References
Social Media Activity(1 post)
Critical RCE and SSRF Vulnerabilities Discovered in Popular mcp-atlassian Server mcp-atlassian versions before 0.17.0 contain vulnerabilities (CVE-2026-27825 and CVE-2026-27826) that allow unauthenticated attackers to execute remote code and perform SSRF attacks by exploiting missing path validation and insecure header handling. **If you use mcp-atlassian, update to version 0.17.0 ASAP. Since these servers run with high privileges and no authentication by default, network isolation is your first defense against unauthorized access and lateral movement withing environments.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-rce-and-ssrf-vulnerabilities-discovered-in-popular-mcp-atlassian-server-m-l-c-6-g/gD2P6Ple2L
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2026-27825
- Severity
- Critical
- CVSS Score
- 9.0
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 1
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H