How to fix EUVD-2026-12590?

Within 24 hours: Audit all Bamboo Data Center instances to identify affected versions (9.6.0-12.1.0). Restrict administrative access and review recent user activity logs for suspicious behavior. Within 7 days: Deploy patches to the earliest affected version tier (9.6.24+, 10.2.16+, or 12.1.3+). Test patches in non-production environments first. Within 30 days: Complete patching of all production instances and verify build pipeline integrity.

Is Bamboo Data Center affected by EUVD-2026-12590?

A critical Remote Code Execution vulnerability (CVSS 8.6) affects multiple versions of Bamboo Data Center, allowing authenticated attackers to execute arbitrary code on affected systems.

EUVD-2026-12590

| CVE-2026-21570 HIGH

2026-03-17 atlassian

8.6

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Lifecycle Timeline

Analysis Generated

Mar 17, 2026 - 20:30 vuln.today

EUVD ID Assigned

Mar 17, 2026 - 20:30 euvd

EUVD-2026-12590

CVE Published

Mar 17, 2026 - 18:00 nvd

HIGH 8.6

Description

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system. Atlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center 9.6: Upgrade to a release greater than or equal to 9.6.24 Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.16 Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.3 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was reported via our Atlassian (Internal) program.

Analysis

Remote code execution in Atlassian Bamboo Data Center versions 9.6.0 through 12.1.0 allows authenticated attackers with high privileges to execute arbitrary code on affected systems with a CVSS score of 8.6. The vulnerability impacts multiple major versions with no patch currently available, requiring immediate upgrade to patched releases such as 9.6.24, 10.2.16, or 12.1.3. …

Remediation

Within 24 hours: Audit all Bamboo Data Center instances to identify affected versions (9.6.0-12.1.0). Restrict administrative access and review recent user activity logs for suspicious behavior. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.6

CVSS: +43

POC: 0

EUVD-2026-12590 vulnerability details – vuln.today

Back

EUVD-2026-12590

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12590

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code