mcp-atlassian < 0.17.0 - Server-Side Request Forgery

MCP Atlassian 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint. id: CVE-2026-27826 info...

Exploit for Path Traversal in Mcp-Atlassian Mcp_Atlassian

CVE-2026-27825 — Path Traversal in mcp-atlassian via confluenc...

CVE-2026-27826

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

External Control of File Name or Path

Overview mcp-atlassian is a The Model Context Protocol MCP Atlassian integration is an open-source implementation that bridges Atlassian products Jira and Confluence with AI language models following Anthropic's MCP specification. This project enables secure, contextual AI interactions with...

Server-side Request Forgery (SSRF)

Overview mcp-atlassian is a The Model Context Protocol MCP Atlassian integration is an open-source implementation that bridges Atlassian products Jira and Confluence with AI language models following Anthropic's MCP specification. This project enables secure, contextual AI interactions with...

CVE-2026-27826 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

CVE-2026-27826

CVE-2026-27826 — MCP Atlassian SSRF (pre-0.17.0) Affected: MCP Atlassian server (Confluence/Jira) prior to version 0.17.0.Root cause: HTTP middleware and dependency injection layer improperly validate per-request headers, enabling an unauthenticated attacker to direct outbound requests to attacke...

EUVD-2026-10789

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

MCP Atlassian 代码问题漏洞

MCP Atlassian is an MCP server developed by Hyeonsoo Lee, which connects AI assistants with project management tools. Versions of MCP Atlassian prior to 0.17.0 contained code vulnerabilities. These vulnerabilities stemmed from defects in the HTTP middleware and dependency injection layer,...

PT-2026-22387

Name of the Vulnerable Software and Affected Versions MCP Atlassian versions prior to 0.17.0 Description MCP Atlassian is a Model Context Protocol MCP server used with Atlassian products like Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker reaching the mcp-atlassian HTTP...