CVE-2026-21570

🗓️ 17 Mar 2026 18:00:00Reported by atlassianType

High severity Bamboo Data Center RCE; authenticated attacker can execute code on vulnerable versions; upgrade to fixed releases.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2026-21570	17 Mar 202618:00	–	attackerkb
Atlassian	RCE (Remote Code Execution) in Bamboo Data Center	11 Mar 202616:58	–	atlassian
Tenable Nessus	Atlassian Bamboo 9.6.x < 9.6.24 / 10.x < 10.2.16 / 11.x / 12.x < 12.1.3 Multiple Vulnerabilities	25 Mar 202600:00	–	nessus
Circl	CVE-2026-21570	21 Mar 202615:21	–	circl
CNNVD	Atlassian Bamboo Data Center 安全漏洞	17 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-21570	17 Mar 202618:00	–	cvelist
EUVD	EUVD-2026-12590	17 Mar 202618:30	–	euvd
NVD	CVE-2026-21570	17 Mar 202618:16	–	nvd
Positive Technologies	PT-2026-25921	17 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-21570	26 Mar 202615:04	–	redhatcve

CNA

Node

atlassian bambooRange9.6.1–9.6.23data_center

atlassian bambooMatch9.6.6data_center

atlassian bambooMatch9.6.7data_center

atlassian bambooMatch9.6.8data_center

atlassian bambooMatch9.6.9data_center

atlassian bambooMatch9.6.10data_center

atlassian bambooMatch9.6.11data_center

atlassian bambooMatch9.6.12data_center

atlassian bambooMatch9.6.13data_center

atlassian bambooMatch9.6.14data_center

atlassian bambooMatch9.6.15data_center

atlassian bambooMatch9.6.16data_center

atlassian bambooMatch9.6.17data_center

atlassian bambooMatch9.6.18data_center

atlassian bambooMatch9.6.19data_center

atlassian bambooMatch9.6.20data_center

atlassian bambooMatch9.6.21data_center

atlassian bambooMatch9.6.22data_center

atlassian bambooMatch9.6.23data_center

atlassian bambooMatch9.6.24data_center

[
  {
    "vendor": "Atlassian",
    "product": "Bamboo Data Center",
    "versions": [
      {
        "version": "12.1.0 to 12.1.2",
        "status": "affected"
      },
      {
        "version": "12.0.0 to 12.0.2",
        "status": "affected"
      },
      {
        "version": "11.0.0 to 11.0.8",
        "status": "affected"
      },
      {
        "version": "10.2.0 to 10.2.15",
        "status": "affected"
      },
      {
        "version": "10.1.0 to 10.1.1",
        "status": "affected"
      },
      {
        "version": "10.0.0 to 10.0.3",
        "status": "affected"
      },
      {
        "version": "9.6.1 to 9.6.23",
        "status": "affected"
      },
      {
        "version": "12.1.3",
        "status": "unaffected"
      },
      {
        "version": "10.2.16",
        "status": "unaffected"
      },
      {
        "version": "9.6.24",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/BAM-26342
confluence	www.confluence.atlassian.com/pages/viewpage.action

18 Mar 2026 14:52Current

6.1Medium risk

Vulners AI Score6.1

CVSS 48.6

EPSS0.00697

SSVC

CWE-94