@alon710
Created March 10, 2026 19:40
CVE-2026-27826: Unauthenticated Server-Side Request Forgery in mcp-atlassian Custom Header Parsing - CVE Security Report

CVSS Score: 8.2
Published: 2026-03-10
Full Report: https://cvereports.com/reports/CVE-2026-27826

Summary

CVE-2026-27826 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in the mcp-atlassian Model Context Protocol (MCP) server. The vulnerability allows unauthenticated attackers to supply arbitrary URLs via custom HTTP headers, forcing the server to make outbound HTTP requests to internal networks, local ports, or cloud instance metadata services. This flaw can be weaponized to steal cloud credentials or chained with CVE-2026-27825 to achieve remote code execution.

TL;DR

Unauthenticated SSRF in mcp-atlassian prior to version 0.17.0 allows attackers to force the server to make arbitrary HTTP requests via manipulated X-Atlassian-Jira-Url headers, exposing internal services and cloud metadata.

Exploit Status: WEAPONIZED

Technical Details

  • CWE ID: CWE-918
  • Attack Vector: Network (Adjacent/Remote)
  • CVSS Score: 8.2
  • Impact: Cloud Credential Theft, Internal Reconnaissance, RCE (when chained)
  • Exploit Status: Weaponized
  • Patched Version: 0.17.0

Affected Systems

  • sooperset/mcp-atlassian (< 0.17.0)
  • Cloud infrastructure hosting vulnerable MCP servers (AWS, GCP, Azure)
  • Internal network services accessible from the vulnerable MCP server host
  • mcp-atlassian: < 0.17.0 (Fixed in: 0.17.0)

Mitigation

  • Upgrade mcp-atlassian to version 0.17.0 or higher.
  • Configure the MCP_ALLOWED_URL_DOMAINS environment variable to enforce an explicit allowlist of authorized Atlassian domains.
  • Implement strict egress filtering to block outbound access to the IMDS IP (169.254.169.254) from the MCP server host.
  • Restrict network access to the MCP HTTP listener port to trusted clients only.

Remediation Steps:

  1. Identify all deployed instances of mcp-atlassian.
  2. Update the package dependencies to require mcp-atlassian >= 0.17.0.
  3. Review the server configuration and set the MCP_ALLOWED_URL_DOMAINS environment variable to your organization's valid Jira/Confluence domains.
  4. Restart the MCP server processes.
  5. Verify that requests with unauthorized X-Atlassian-Jira-Url headers are rejected by the server.
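The Mitigation bullets and remediation step 5 both come down to one policy: a base URL taken from the X-Atlassian-Jira-Url header is only honored when its host is on the MCP_ALLOWED_URL_DOMAINS allowlist, and never when it is an IP literal such as the IMDS address. The following Python is an added example of that policy and is not code from the CVEReports advisory or from the mcp-atlassian project. It assumes MCP_ALLOWED_URL_DOMAINS is a comma-separated list of hostnames (the variable name is from the advisory; the format and the leading-dot subdomain convention are assumptions), and the function names `parse_allowlist`, `validate_base_url` and `check_header`, as well as the sample allowlist and sample headers, are constructed for this example.

```python
"""Allowlist policy for an operator-supplied Jira/Confluence base URL.

Added example, not mcp-atlassian's own code. Assumes MCP_ALLOWED_URL_DOMAINS
holds comma-separated hostnames; an entry starting with '.' permits any
subdomain of that suffix (both conventions are assumptions).
"""
import ipaddress
import os
from urllib.parse import urlsplit

# Constructed sample allowlist; in deployment it comes from MCP_ALLOWED_URL_DOMAINS.
SAMPLE_ALLOWLIST = "example.atlassian.net,.corp.example.com"

HEADER_NAME = "x-atlassian-jira-url"  # header named in the advisory, compared case-insensitively


def parse_allowlist(raw: str) -> set[str]:
    """Normalize a comma-separated allowlist to lower-case hostnames without trailing dots."""
    return {h.strip().lower().rstrip(".") for h in raw.split(",") if h.strip()}


def load_allowlist() -> set[str]:
    """Read the allowlist from the environment (empty set means nothing is allowed)."""
    return parse_allowlist(os.environ.get("MCP_ALLOWED_URL_DOMAINS", ""))


def _host_allowed(host: str, allowlist: set[str]) -> bool:
    # Exact match, or suffix match against entries that explicitly opt in with a leading dot.
    # A plain suffix check without the dot would let "example.atlassian.net.evil.example" through.
    if host in allowlist:
        return True
    return any(entry.startswith(".") and host.endswith(entry) for entry in allowlist)


def validate_base_url(raw: str, allowlist: set[str]) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only for an https URL whose host is a
    non-IP hostname on the allowlist and which carries no userinfo."""
    try:
        parts = urlsplit(raw)
        host = parts.hostname          # already lower-cased by urlsplit
        _ = parts.port                 # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme must be https"
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not permitted"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass                           # not an IP literal: fall through to the allowlist
    else:
        # Rejects 169.254.169.254, 127.0.0.1, ::1 and every other literal outright;
        # an Atlassian base URL is a hostname, so there is no legitimate literal to allow.
        return False, "IP literals not permitted"
    if not _host_allowed(host.rstrip("."), allowlist):
        return False, "host not in MCP_ALLOWED_URL_DOMAINS"
    return True, "ok"


def check_header(headers: dict, allowlist: set[str]) -> tuple[bool, str]:
    """Apply the policy to the X-Atlassian-Jira-Url header of one request, if present."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get(HEADER_NAME)
    if value is None:
        return True, "no override header"   # request uses the server's configured URL
    return validate_base_url(value, allowlist)


if __name__ == "__main__":
    allow = parse_allowlist(SAMPLE_ALLOWLIST)
    # Constructed sample requests: one legitimate override, one IMDS-style value.
    for hdrs in (
        {"X-Atlassian-Jira-Url": "https://example.atlassian.net/rest/api/2/"},
        {"X-Atlassian-Jira-Url": "http://169.254.169.254/latest/meta-data/"},
        {},
    ):
        print(hdrs.get("X-Atlassian-Jira-Url", "<none>"), "->", check_header(hdrs, allow))
```

The check runs on the header value before any outbound request is built, which is what step 5 verifies from the outside. It covers the URL string only: an allowlisted hostname can still resolve to an internal or link-local address, so the egress filter on 169.254.169.254 listed under Mitigation remains necessary alongside the allowlist rather than being replaced by it.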

Generated by CVEReports - Automated Vulnerability Intelligence
