What is the CVSS score of CVE-2026-27826?

CVE-2026-27826 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Atlassian are affected by CVE-2026-27826?

A HIGH severity vulnerability (CVE-2026-27826) affects MCP Atlassian servers used to integrate Confluence and Jira with AI/automation tools.. A patch is available.

How to fix or mitigate CVE-2026-27826?

Within 24 hours: Audit all instances of MCP Atlassian servers in production and development environments; disable the service if non-critical or isolate it from external networks. Within 7 days: Implement network segmentation to restrict MCP server access to authorized internal systems only; review access logs for suspicious activity. Within 30 days: Monitor vendor communications for patch release; evaluate alternative integration solutions or MCP server alternatives; conduct security assessment of affected systems.

Atlassian CVE-2026-27826

HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-03-10 security-advisories@github.com

GHSA-7r34-79r5-rcc9

Atlassian SSRF

8.2

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.2 HIGH

AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 10, 2026 - 19:17 nvd

HIGH 8.2

DescriptionGitHub Advisory

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an Authorization header. No authentication is required. The vulnerability exists in the HTTP middleware and dependency injection layer - not in any MCP tool handler - making it invisible to tool-level code analysis. In cloud deployments, this could enable theft of IAM role credentials via the instance metadata endpoint (169[.]254[.]169[.]254). In any HTTP deployment it enables internal network reconnaissance and injection of attacker-controlled content into LLM tool results. Version 0.17.0 fixes the issue.

AnalysisAI

Unauthenticated attackers can abuse the MCP Atlassian server to perform arbitrary outbound HTTP requests by manipulating HTTP headers, enabling credential theft from cloud instance metadata endpoints or internal network reconnaissance without requiring authentication. The vulnerability exists in the HTTP middleware layer prior to version 0.17.0, affecting Atlassian Confluence and Jira deployments. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send HTTP request to mcp-atlassian endpoint

Delivery

Inject custom headers without Authorization

Exploit

Trigger HTTP middleware to make outbound request

Execution

Server connects to attacker-controlled URL

Impact

Exfiltrate internal data or perform SSRF attack

Access

Send HTTP request to mcp-atlassian endpoint

Delivery

Inject custom headers without Authorization

Exploit

Trigger HTTP middleware to make outbound request

Execution

Server connects to attacker-controlled URL

Impact

Exfiltrate internal data or perform SSRF attack

Vulnerability AssessmentAI

Exploitation	mcp-atlassian server versions prior to 0.17.0 with HTTP endpoint accessible on local network (AV:A). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.2 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker without authentication could exploit this vulnerability to theft of IAM role credentials via the instance metadata endpoint (`169[.
Remediation	Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all instances of MCP Atlassian servers in production and development environments; disable the service if non-critical or isolate it from external networks. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12225 HIGH This Week

8.7 Jun 16

Two-factor authentication bypass in syracom AG Secure Login (2FA) plugin 3.4.0.x for Atlassian Jira, Confluence, and Bit

CVE-2025-27511 HIGH This Week

7.2 Jun 11

Remote code execution in GeoServer (versions prior to 2.27.0) with the DB2 extension installed allows authenticated admi

CVE-2025-52465 HIGH This Week

7.2 Jun 12

Arbitrary file write in GeoServer's Master Password Dump web page allows an authenticated administrator to write attacke

CVE-2025-58175 MEDIUM This Month

6.5 Jun 12

Server-Side Request Forgery in GeoServer's XML entity resolution allows unauthenticated remote attackers to cause the se

CVE-2026-27826 vulnerability details – vuln.today

Back

Atlassian CVE-2026-27826

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code