On 24 February 2026, sooperset, the mcp-atlassian project maintainer, released fixes for a critical vulnerability in mcp-atlassian, tracked as CVE-2026-27825. The flaw arises from missing directory confinement and inadequate path traversal validation in the Confluence attachment download tools, which could allow a remote (network-adjacent), unauthenticated threat actor to write files to arbitrary paths, enabling local privilege escalation and remote code execution. The same release also addresses a related high-severity SSRF issue in header-controlled Atlassian base URLs (CVE-2026-27826). On 27 February 2026, Pluto Security released an article providing technical details for both flaws.
At the time of writing, Arctic Wolf has not observed active exploitation of these vulnerabilities. A public proof-of-concept exploitation flow has been described by researchers. The issues are exploitable without authentication and have high impact, and Atlassian-related surfaces have historically been targeted; therefore, we assess a meaningful risk of threat actor adoption if exposed instances are discoverable.
Technical details
In vulnerable versions, the download_attachment and download_content_attachments tools accept a threat actor-supplied target path and write files without restricting them to a safe base directory or checking for traversal sequences and symlinks. When the MCP HTTP transport is exposed (often bound to 0.0.0.0 with no authentication), a threat actor can overwrite files such as ~/.bashrc or ~/.ssh/authorized_keys to achieve persistence or RCE. Separately, the middleware honors the X-Atlassian-Jira-Url and X-Atlassian-Confluence-Url request headers without validation, enabling SSRF to arbitrary destinations from the victim host.
Recommendation for CVE-2026-27825
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of mcp-atlassian. Version 0.17.0 introduces validate_safe_path() and validate_url_for_ssrf() to enforce path confinement, scheme/domain allowlisting, and redirect/localhost/private-IP blocking.
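The following is an added illustration of the two checks described above (path confinement for the attachment download tools, and scheme, host-allowlist and private-address validation for a header-supplied base URL). It is example code written for this advisory, not the mcp-atlassian project's own validate_safe_path() or validate_url_for_ssrf() implementation; the base directory /srv/mcp/downloads, the allowlist suffix atlassian.net, the hostnames and the DNS answers in CONSTRUCTED_DNS are all assumptions made up for the demonstration.

```python
"""Illustrative path-confinement and SSRF checks (example code, not mcp-atlassian's own)."""
from __future__ import annotations

import ipaddress
import socket
from pathlib import Path
from typing import Callable, Iterable
from urllib.parse import urlparse


# --- 1. Directory confinement for attachment downloads -------------------

def confine_path(base_dir: str, target: str) -> Path:
    """Return the resolved destination for `target` only if it stays inside `base_dir`.

    Path.resolve() collapses '..' segments and follows symlinks, so traversal
    ('../../../root/.ssh/authorized_keys'), absolute targets ('/root/.bashrc')
    and a symlinked directory that points outside the base all fail the
    relative_to() check below.
    """
    base = Path(base_dir).resolve()
    candidate = (base / target).resolve()
    if candidate == base:
        raise ValueError("target must name a file, not the base directory")
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"refusing to write outside {base}: {target!r}") from None
    return candidate


def is_confined(base_dir: str, target: str) -> bool:
    """Boolean wrapper around confine_path() for callers that just need a verdict."""
    try:
        confine_path(base_dir, target)
        return True
    except ValueError:
        return False


# --- 2. SSRF validation for a header-supplied base URL -------------------

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Real DNS lookup; returns every A/AAAA answer so all of them get checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table used for offline demonstration only (assumption, not real data).
CONSTRUCTED_DNS = {
    "acme.atlassian.net": ["1.2.3.4"],          # ordinary public answer
    "rebind.atlassian.net": ["127.0.0.1"],      # allowlisted name pointing at loopback
    "imds.atlassian.net": ["169.254.169.254"],  # allowlisted name pointing at link-local
}


def constructed_resolver(host: str) -> list[str]:
    return CONSTRUCTED_DNS.get(host, [])


def validate_base_url(
    url: str,
    allowed_suffixes: tuple[str, ...] = ("atlassian.net",),  # assumed allowlist
    resolve: Resolver = system_resolver,
) -> str:
    """Return a normalised 'https://host[:port]' origin or raise ValueError."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        # 'https://acme.atlassian.net@evil.example/' would otherwise look allowlisted
        raise ValueError("userinfo in URL not allowed")
    host = (parsed.hostname or "").rstrip(".").lower()
    if not host:
        raise ValueError("missing host")
    if not any(host == s or host.endswith("." + s) for s in allowed_suffixes):
        raise ValueError(f"host not in allowlist: {host}")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: check it directly
    except ValueError:
        addrs = list(resolve(host))
    if not addrs:
        raise ValueError(f"host did not resolve: {host}")
    for addr in addrs:
        # is_global is False for loopback, RFC 1918, link-local (cloud metadata),
        # unspecified, multicast and reserved ranges, for both IPv4 and IPv6.
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError(f"{host} resolves to non-public address {addr}")
    port = f":{parsed.port}" if parsed.port else ""
    return f"https://{host}{port}"


def url_is_allowed(url: str, resolve: Resolver = system_resolver) -> bool:
    try:
        validate_base_url(url, resolve=resolve)
        return True
    except ValueError:
        return False
```

Two caveats a deployment still has to cover: the HTTP client that uses the validated origin must not follow redirects (for example, `allow_redirects=False` in requests), since a redirect re-introduces an unchecked destination; and because DNS is resolved here and again at connect time, a hostname that changes its answer between the two lookups (rebinding) is only closed off by pinning the checked IP when the connection is opened.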
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| mcp-atlassian | < 0.17.0 | 0.17.0 |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.