CVE-2026-27825

HIGH · EPSS 80.8%
Published Mar 10, 2026 (3 months ago) · Last Modified Jun 17, 2026 (2 weeks ago)
CVSS 3.1 base score 8.0 (High)

Description

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the server process has write access to. Because the attacker controls both the write destination and the written content (via an uploaded Confluence attachment), this amounts to arbitrary code execution (for example, writing a valid cron entry to `/etc/cron.d/` achieves code execution within one scheduler cycle with no server restart required). Version 0.17.0 fixes the issue.
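The missing control described above is a directory boundary check on the caller-supplied `download_path`. The following is an added example, not code from mcp-atlassian or its 0.17.0 fix: it shows the pre-fix pattern (path used as given) beside a confined variant that resolves the path under an assumed base directory and rejects absolute paths, `..` traversal, and symlinks that point outside it; function names and the sample paths are constructed.

```python
import tempfile
from pathlib import Path


def unsafe_destination(download_path: str) -> Path:
    """Pre-fix pattern: caller's path is honoured as-is, including absolute
    paths such as /etc/cron.d/job and ../ traversal (hypothetical name)."""
    return Path(download_path)


def safe_destination(base_dir: str, download_path: str) -> Path:
    """Resolve download_path inside base_dir and refuse anything that escapes.

    Both sides are resolved before comparison so an existing symlink inside
    base_dir that points elsewhere is also rejected. Raises ValueError.
    """
    base = Path(base_dir).resolve()
    candidate = Path(download_path)
    # An absolute path would replace base entirely in `base / candidate`.
    if candidate.is_absolute():
        raise ValueError(f"absolute download_path rejected: {download_path}")
    # strict=False: the final component usually does not exist yet.
    target = (base / candidate).resolve(strict=False)
    if not target.is_relative_to(base):
        raise ValueError(f"download_path escapes {base}: {download_path}")
    if target == base:
        raise ValueError("download_path must name a file, not the base directory")
    return target


def demo() -> dict:
    """Run constructed inputs through both functions in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "downloads"
        base.mkdir()
        base = base.resolve()
        # Constructed: a symlink inside base that points one level up.
        (base / "escape").symlink_to(Path(tmp))
        cases = ["report.pdf", "sub/report.pdf", "../report.pdf",
                 "/etc/cron.d/job", "escape/report.pdf"]
        for case in cases:
            try:
                results[case] = safe_destination(base, case).relative_to(base).as_posix()
            except ValueError:
                results[case] = "rejected"
        results["unsafe:/etc/cron.d/job"] = str(unsafe_destination("/etc/cron.d/job"))
    return results
```

Requires Python 3.9+ for `Path.is_relative_to`; the check is point-in-time, so the write itself should still open the file with flags that refuse to follow a symlink created after the check.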

CVSS Details

Base Score
8.0
Exploitability
2.1
Impact
5.9
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Adjacent
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
80.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-22 Path Traversal
CWE-73 External Control of File Name or Path (Resource Mgmt)

Affected Products 1

Vendor          Product         Version   Range
mcp-atlassian   mcp_atlassian   *         <0.17.0

References 2

  • github.com https://github.com/sooperset/mcp-atlassian/commit/52b9b0997681e87244b20d58034deae89c91631e
    Patch
  • github.com https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-xjgw-4wvw-rgm4
    Vendor Advisory

Remediation

  • github.com https://github.com/sooperset/mcp-atlassian/commit/52b9b0997681e87244b20d58034deae89c91631e
    Patch