What is the CVSS score of CVE-2026-21570?

CVE-2026-21570 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. EPSS exploitation probability: 0.6%.

Which versions of Bamboo Data Center are affected by CVE-2026-21570?

A critical Remote Code Execution vulnerability (CVSS 8.6) affects multiple versions of Bamboo Data Center, allowing authenticated attackers to execute arbitrary code on affected systems.

How to fix or mitigate CVE-2026-21570?

Within 24 hours: Audit all Bamboo Data Center instances to identify affected versions (9.6.0-12.1.0). Restrict administrative access and review recent user activity logs for suspicious behavior. Within 7 days: Deploy patches to the earliest affected version tier (9.6.24+, 10.2.16+, or 12.1.3+). Test patches in non-production environments first. Within 30 days: Complete patching of all production instances and verify build pipeline integrity.

Bamboo Data Center CVE-2026-21570

EUVD-2026-12590 HIGH

Code Injection (CWE-94)

2026-03-17 atlassian

RCE Code Injection Atlassian Bamboo Data Center

8.6

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Lifecycle Timeline

EUVD ID Assigned

Mar 17, 2026 - 20:30 euvd

EUVD-2026-12590

Analysis Generated

Mar 17, 2026 - 20:30 vuln.today

CVE Published

Mar 17, 2026 - 18:00 nvd

HIGH 8.6

DescriptionNVD

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.

This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system.

Atlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center 9.6: Upgrade to a release greater than or equal to 9.6.24

Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.16

Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.3

See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives]).

This vulnerability was reported via our Atlassian (Internal) program.

AnalysisAI

Remote code execution in Atlassian Bamboo Data Center versions 9.6.0 through 12.1.0 allows authenticated attackers with high privileges to execute arbitrary code on affected systems with a CVSS score of 8.6. The vulnerability impacts multiple major versions with no patch currently available, requiring immediate upgrade to patched releases such as 9.6.24, 10.2.16, or 12.1.3. …

RemediationAI

Within 24 hours: Audit all Bamboo Data Center instances to identify affected versions (9.6.0-12.1.0). Restrict administrative access and review recent user activity logs for suspicious behavior. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory