Ctrl + K
/ news / CVE
CVEPublished 2026-03-101 article on news6 live referencesNVD data

CVE-2026-27825

Vulnerability data via CVEDB (Shodan)

CVSS v3.1
9.0
CRITICAL
EPSS percentile
81
Exploit Prediction Scoring System · top 19% of all CVEs
Description

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the server process has write access to. Because the attacker controls both the write destination and the written content (via an uploaded Confluence attachment), this constitutes for arbitrary code execution (for example, writing a valid cron entry to `/etc/cron.d/` achieves code execution within one scheduler cycle with no server restart required). Version 0.17.0 fixes the issue.

Timeline
Published 2026-03-10

External references

NVDMITREExploit-DBSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-27825
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Mcp-atlassian Mcp Atlassian" version:"0.1.10"
Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Mcp Atlassian"
HTTP body or banner mentions "Mcp Atlassian" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-27825
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-27825
Censys host search filtered to this CVE id.
grep.app
CVE-2026-27825
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-27825
GitHub code search for direct mentions.
Google dork
"CVE-2026-27825" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-278258 repos
7WaySecurity/ai_osintunknown
🤖 Curated AI OSINT resources — Google dorks, Shodan queries, GitHub dorks, and techniques to discover exposed LLM endpoints, leaked AI API keys, misconfigured vector databases, an…
★ 95·updated 6d ago
DarkFunct/TK-CVE-RepoPython
TK-CVE-Repo
★ 51·updated 2w ago
webpro255/awesome-ai-agent-attacksunknown
A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated.
★ 26·updated 1mo ago
mcp-security-project/mcp-cve-projectunknown
The Project shares all information on MCP related CVE's published
★ 14·updated 1d ago
plutosecurity/MCPwnfluenceShell
Information about CVE-2026-27825 & CVE-2026-27826 discovered by Pluto Security and a bash script for identifying vulnerable mcp-atlassian instances allowing for automatic update to…
★ 7·updated 3mo ago
maheshndev/awesome-reposHTML
Awesome Repositories - Explore top-rated GitHub repositories curated for developers—tools, libraries, and projects to boost productivity and learning in one place. Discover the bes…
★ 3·updated 3d ago
koatora20/guard-scannerTypeScript
🛡️ Agent Security Scanner — 364 patterns, 35 threat categories, 27 runtime checks. Zero-Trust policy layer for MCP/A2A agents.
★ 2·updated 2d ago
ashhart/PortreevePython
Host-side security primitives for LLM agent platforms: capability policy, audit logs, approvals, run budgets, and session-aware lethal-trifecta detection.
★ 1·updated 4w ago
Articles on news mentioning CVE-2026-27825