

CVE-2026-27825: Critical Unauthenticated RCE and SSRF in mcp-atlassian


On February 24, 2026, sooperset, the mcp-atlassian project maintainer, released fixes for a critical vulnerability in mcp-atlassian, tracked as CVE-2026-27825. The flaw arises from missing directory confinement and inadequate path traversal validation in the Confluence attachment download tools, which could allow a remote (network-adjacent), unauthenticated threat actor to write files to arbitrary paths, enabling local privilege escalation and remote code execution. The same release also fixes a related high-severity SSRF issue in header-controlled Atlassian base URLs (CVE-2026-27826). On February 27, 2026, Pluto Security released an analysis providing technical details for both flaws.

At the time of writing, Arctic Wolf has not observed active exploitation of these vulnerabilities. A public proof-of-concept exploitation flow has been described by researchers. The issues are unauthenticated with high impact, and Atlassian-related surfaces have historically been targeted; therefore, we assess a meaningful risk of threat actor adoption if exposed instances are discoverable.

Technical details

In vulnerable versions, the download_attachment and download_content_attachments tools accept a threat actor-supplied target path and write files without restricting them to a safe base directory or checking for traversal or symlinks. When the MCP HTTP transport is exposed (often bound to 0.0.0.0 with no authentication), a threat actor can overwrite files such as ~/.bashrc or ~/.ssh/authorized_keys to achieve persistence or RCE. Separately, middleware honors the X-Atlassian-Jira-Url and X-Atlassian-Confluence-Url headers without validation, enabling SSRF to arbitrary destinations from the victim host.

Recommendation for CVE-2026-27825

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of mcp-atlassian. Version 0.17.0 introduces validate_safe_path() and validate_url_for_ssrf() to enforce path confinement, scheme/domain allowlisting, and redirect/localhost/private-IP blocking.
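The two classes of check described in the technical details and the fix summary above, written out as an added example in Python. This is not mcp-atlassian's validate_safe_path()/validate_url_for_ssrf() or Arctic Wolf's code; the function names, BASE_DIR, the host allowlist and the injectable resolver are constructed assumptions for illustration.

```python
# Added example (not mcp-atlassian's own code): defensive versions of the two
# checks the 0.17.0 fixes are described as adding. Function names, BASE_DIR
# and the host allowlist are constructed assumptions for illustration.
from __future__ import annotations

import ipaddress
import socket
from pathlib import Path
from urllib.parse import urlparse

BASE_DIR = "/var/lib/mcp-atlassian/downloads"   # constructed download root
ALLOWED_HOST_SUFFIXES = (".atlassian.net",)     # constructed allowlist


def confine_path(base_dir: str, user_path: str) -> Path | None:
    """Resolve user_path under base_dir; return None if it escapes.

    resolve() collapses '..' and follows symlinks, so an absolute path, plain
    traversal and a symlink planted inside base_dir are all rejected."""
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()   # an absolute user_path replaces base
    return target if base in target.parents else None


def _resolve_host(host: str) -> list[str]:
    """Default resolver: every address the host currently resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def url_rejection(url: str, resolver=_resolve_host) -> str | None:
    """Return why url is refused, or None if it may be used as a base URL.

    Requires https, an allowlisted host and public-only resolution. The HTTP
    client must also refuse redirects, or an allowed host could redirect the
    request to a destination this check never saw."""
    parts = urlparse(url)
    if parts.scheme != "https":
        return f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname or ""
    if not host.endswith(ALLOWED_HOST_SUFFIXES):
        return f"host not on allowlist: {host!r}"
    for ip in resolver(host):
        if not ipaddress.ip_address(ip).is_global:   # loopback, RFC1918, link-local
            return f"{host} resolves to non-public address {ip}"
    return None
```

The resolver parameter exists so the DNS step can be exercised offline; in production the default resolves live, and the resulting addresses should be the ones the HTTP client actually connects to.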

Product          Affected Version   Fixed Version
mcp-atlassian    < 0.17.0           0.17.0


Please follow your organization's patching and testing guidelines to minimize potential operational impact.

