Home / Vulnerability Intelligence / CVE-2026-27826

CVE-2026-27826 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 11, 2026

MCP Atlassian - Server Side Request Forgery

Published: March 10, 2026Updated: March 11, 2026

Overview

MCP Atlassian < 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint.

Severity & Score

Severity: High

CVSS Score: 8.2

EPSS Score: 3.7%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can make the server send requests to arbitrary URLs, enabling internal network reconnaissance and potential credential theft.

Mitigation

Upgrade to version 0.17.0 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 10, 2026

🟠 CVE-2026-27826 - High (8.2) MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound H... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27826/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(1 repo)

https://github.com/plutosecurity/MCPwnfluence

Related Resources

Details

CVE ID: CVE-2026-27826
Severity: High
CVSS Score: 8.2
Type: server_side_request_forgery
Status: unconfirmed
EPSS: 3.7%
Social Posts: 1

CWE

CWE-918

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

EPSS Score

3.7%Probability of exploitation in the next 30 days