
Arctic Wolf Security Bulletin

CVE-2026-27825: Critical Unauthenticated RCE and SSRF in mcp-atlassian

On 24 February 2026, sooperset, the mcp-atlassian project maintainer, released fixes for a critical vulnerability in mcp-atlassian, tracked as CVE-2026-27825.

On 24 February 2026, sooperset, the mcp-atlassian project maintainer, released fixes for a critical vulnerability in mcp-atlassian, tracked as CVE-2026-27825. The flaw arises from missing directory confinement and inadequate path traversal validation in the Confluence attachment download tools, which could allow a remote (network-adjacent), unauthenticated threat actor to write files to arbitrary paths, enabling local privilege escalation and remote code execution. The same release also fixed a related high-severity SSRF issue in header-controlled Atlassian base URLs (CVE-2026-27826). On February 27, 2026, Pluto Security published technical details for both flaws.

At the time of writing, Arctic Wolf has not observed active exploitation of these vulnerabilities. A public proof-of-concept exploitation flow has been described by researchers. The issues are unauthenticated with high impact, and Atlassian-related surfaces have historically been targeted; therefore, we assess a meaningful risk of threat actor adoption if exposed instances are discoverable.

Technical details

In vulnerable versions, the download_attachment and download_content_attachments tools accept a threat actor-supplied target path and write files without restricting them to a safe base directory or checking for traversal/symlinks. When the MCP HTTP transport is exposed (often bound to 0.0.0.0 with no authentication), a threat actor can overwrite files such as ~/.bashrc or ~/.ssh/authorized_keys to achieve persistence or RCE. Separately, middleware honors the X-Atlassian-Jira-Url and X-Atlassian-Confluence-Url headers without validation, enabling SSRF to arbitrary destinations from the victim host.

Recommendation for CVE-2026-27825

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of mcp-atlassian. Version 0.17.0 introduces validate_safe_path() and validate_url_for_ssrf() to enforce path confinement, scheme/domain allowlisting, and redirect/localhost/private-IP blocking.
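The two controls the bulletin names (path confinement for the attachment download tools, and scheme/host/private-IP validation for header-supplied base URLs) can be illustrated in a few lines. The following is added example code written for this bulletin; it is not the mcp-atlassian project's validate_safe_path() or validate_url_for_ssrf(), and the function names, the allowlisted hosts and the sample inputs are assumptions constructed for the example.

```python
"""
Illustrative hardening checks for an attachment-download path and for a
caller-supplied Atlassian base URL. Added example, not mcp-atlassian's own
code. Function names, ALLOWED_HOSTS and the sample paths/URLs are
assumptions constructed for this example.
"""
import ipaddress
from pathlib import Path
from urllib.parse import urlsplit


class UnsafePathError(ValueError):
    """Raised when a requested download path escapes the base directory."""


class UnsafeUrlError(ValueError):
    """Raised when a caller-supplied base URL fails the SSRF checks."""


def confine_path(base_dir: str, requested: str) -> Path:
    """Return an absolute path for `requested` that is guaranteed to lie
    inside `base_dir`, or raise UnsafePathError.

    Both sides are passed through Path.resolve(), so `../` sequences and
    symlink hops are judged by where the file would actually land on disk,
    not by the textual form of the request. Absolute requests are treated
    as relative to base_dir rather than honoured verbatim.
    """
    base = Path(base_dir).resolve()
    candidate = (base / requested.lstrip("/\\")).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError if outside base
    except ValueError:
        raise UnsafePathError(f"{requested!r} escapes {base}") from None
    return candidate


def is_confined(base_dir: str, requested: str) -> bool:
    """Boolean wrapper around confine_path() for callers and tests."""
    try:
        confine_path(base_dir, requested)
        return True
    except UnsafePathError:
        return False


# Constructed allowlist (assumption): only the organisation's own Atlassian
# hosts may ever be used as API base URLs, and only over HTTPS.
ALLOWED_HOSTS = frozenset({"jira.example.test", "confluence.example.test"})
ALLOWED_SCHEMES = frozenset({"https"})


def check_url_for_ssrf(url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Validate a caller-supplied base URL before the server connects to it.

    Rejects non-allowlisted schemes, missing hosts, literal loopback /
    private / link-local addresses (which covers 127.0.0.1 and the
    169.254.169.254 cloud-metadata range), "localhost", and any host not
    on the allowlist. Returns a normalised URL on success.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeUrlError(f"scheme {parts.scheme!r} not allowed")
    host = (parts.hostname or "").lower()
    if not host:
        raise UnsafeUrlError("missing host")
    try:
        ip = ipaddress.ip_address(host)  # urlsplit strips IPv6 brackets
    except ValueError:
        ip = None
    if ip is not None and not ip.is_global:
        raise UnsafeUrlError(f"non-public address {host} not allowed")
    if host == "localhost" or host not in allowed_hosts:
        raise UnsafeUrlError(f"host {host!r} not in allowlist")
    return f"{parts.scheme.lower()}://{host}{parts.path}"


def is_safe_url(url: str) -> bool:
    """Boolean wrapper around check_url_for_ssrf() for callers and tests."""
    try:
        check_url_for_ssrf(url)
        return True
    except UnsafeUrlError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs mirroring the bulletin's description.
    for req in ("reports/q1.pdf", "../../root/.bashrc", "/root/.ssh/authorized_keys"):
        print(f"{req!r:40} confined={is_confined('./downloads', req)}")
    for u in ("https://confluence.example.test/wiki", "http://confluence.example.test/wiki",
              "https://127.0.0.1:8080/", "https://169.254.169.254/latest/meta-data/",
              "https://localhost/", "https://evil.example.test/"):
        print(f"{u!r:48} safe={is_safe_url(u)}")
```

Two caveats belong with a check like this. First, it validates only the URL as written; a hostname that resolves to a private address at connect time still needs a re-check against the resolved IP, and the HTTP client must be configured not to follow redirects (the bulletin notes the fixed release blocks redirects for the same reason). Second, the allowlist approach is deliberately stricter than a denylist of private ranges, since a header should never be able to point the server at an arbitrary public host either.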

Product          Affected Version   Fixed Version
mcp-atlassian    < 0.17.0           0.17.0

Please follow your organisation's patching and testing guidelines to minimise potential operational impact.
