CVE-2026-21569

NONE EPSS 21.3%

Published Jan 28, 20265mo ago · Modified Jun 17, 20261w ago

Published Jan 28, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high impact to confidentiality, low impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Crowd Data Center and Server 7.1: Upgrade to a release greater than or equal to 7.1.3 See the release notes (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). You can download the latest version of Crowd Data Center and Server from the download center (https://www.atlassian.com/software/crowd/download-archive). This vulnerability was reported via our Atlassian (Internal) program.

Threat Intelligence

EPSS Exploit Probability

21.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-611

Affected Products 1

Vendor	Product	Version	Range
atlassian	crowd	*	≥7.1.0 – <7.1.3

References 2

confluence.atlassian.com https://confluence.atlassian.com/pages/viewpage.action?pageId=1712324819

Vendor Advisory
jira.atlassian.com https://jira.atlassian.com/browse/CWD-6453

Issue TrackingVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.