4 matches found
CVE-2026-27825
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluence_download_attachment MCP tool accepts a download_path parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...
CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluence_download_attachment MCP tool accepts a download_path parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...
PT-2026-22386
Name of the Vulnerable Software and Affected Versions: mcp-atlassian (affected versions not specified)
Description: The software contains a critical unauthenticated remote code execution (RCE) and server-side request forgery (SSRF) issue. The RCE is a result of arbitrary file write, leading to arbitrary...
CVE-2026-27825
creationtimestamp| type| source
---|---|---
2026-02-24 11:57:12+00:00| published-proof-of-concept| https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-xjgw-4wvw-rgm4
2026-03-10 19:10:06+00:00| seen| https://gist.github.com/alon710/318772c839d4af9a91549fceab76247e
2026-03-10...