DEV Community

CVE Reports

Posted on • Originally published at cvereports.com


CVE-2026-27826: Unauthenticated Server-Side Request Forgery in mcp-atlassian Custom Header Parsing

Vulnerability ID: CVE-2026-27826
CVSS Score: 8.2
Published: 2026-03-10

CVE-2026-27826 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in the mcp-atlassian Model Context Protocol (MCP) server. The server takes its upstream Atlassian base URL from a client-supplied custom HTTP header without validating it, so an unauthenticated attacker who can reach the MCP listener can make the server issue outbound HTTP requests to internal networks, local ports, or cloud instance metadata services. The flaw can be used to steal cloud credentials, or chained with CVE-2026-27825 to achieve remote code execution.

TL;DR

Unauthenticated SSRF in mcp-atlassian prior to version 0.17.0 allows attackers to force the server to make arbitrary HTTP requests via manipulated X-Atlassian-Jira-Url headers, exposing internal services and cloud metadata.


⚠️ Exploit Status: WEAPONIZED

Technical Details

  • CWE ID: CWE-918
  • Attack Vector: Network (the MCP HTTP listener is the entry point; no authentication required)
  • CVSS Score: 8.2
  • Impact: Cloud Credential Theft, Internal Reconnaissance, RCE (when chained)
  • Exploit Status: Weaponized
  • Patched Version: 0.17.0

Affected Systems

  • sooperset/mcp-atlassian < 0.17.0 (fixed in 0.17.0)
  • Cloud infrastructure hosting vulnerable MCP servers (AWS, GCP, Azure)
  • Internal network services reachable from the vulnerable MCP server host

Code Analysis

Commit: 5cd697d

Fix for SSRF vulnerability via URL validation, DNS lookahead, and domain allowlisting

Mitigation Strategies

  • Upgrade mcp-atlassian to version 0.17.0 or higher.
  • Configure the MCP_ALLOWED_URL_DOMAINS environment variable to enforce an explicit allowlist of authorized Atlassian domains.
  • Implement strict egress filtering on the MCP server host to block outbound access to the cloud metadata endpoint (169.254.169.254, and the provider's IPv6 metadata address where one is enabled) and to other internal services the server has no business reaching.
  • Restrict network access to the MCP HTTP listener port to trusted clients only.

Remediation Steps:

  1. Identify all deployed instances of mcp-atlassian.
  2. Update the package dependencies to require mcp-atlassian >= 0.17.0.
  3. Review the server configuration and set the MCP_ALLOWED_URL_DOMAINS environment variable to your organization's valid Jira/Confluence domains.
  4. Restart the MCP server processes.
  5. Verify that requests carrying an unauthorized X-Atlassian-Jira-Url header are rejected by the server rather than proxied upstream.
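The following is an added example, not mcp-atlassian's own code and not the content of commit 5cd697d. It shows the vulnerable pattern (the header value becomes the upstream URL as-is) next to a hardened check that applies the three controls the fix summary names under Code Analysis: URL validation, DNS lookahead and domain allowlisting, driven by the MCP_ALLOWED_URL_DOMAINS variable from the remediation steps. The variable name comes from the advisory; its format here (comma-separated hostnames, a leading "." meaning any subdomain), the function names and the DNS records are assumptions constructed for the demo.

```python
"""Header-supplied Atlassian URL: the SSRF-prone pattern beside a hardened check.

Added example, not mcp-atlassian's own code. It applies the three controls the fix
commit summary names (URL validation, DNS lookahead, domain allowlisting) to the
X-Atlassian-Jira-Url header. MCP_ALLOWED_URL_DOMAINS is the advisory's variable
name; its format here (comma-separated hosts, leading '.' = any subdomain) is assumed.
"""
import ipaddress
import os
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

HEADER = "X-Atlassian-Jira-Url"
Resolver = Callable[[str], Iterable[str]]

def base_url_unsafe(headers: dict, default: str) -> str:
    """Vulnerable pattern: whatever the client sent becomes the upstream URL."""
    return headers.get(HEADER, default)

def system_resolver(host: str) -> list:
    """Every A/AAAA address the host maps to right now (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def allowed_domains_from_env(env: Optional[dict] = None) -> list:
    """Parse MCP_ALLOWED_URL_DOMAINS into lowercase entries (format assumed)."""
    raw = (os.environ if env is None else env).get("MCP_ALLOWED_URL_DOMAINS", "")
    return [d.strip().lower().rstrip(".") for d in raw.split(",") if d.strip()]

def host_in_allowlist(host: str, allowed: list) -> bool:
    """Exact match, or suffix match for entries written as '.example.com'."""
    host = host.lower().rstrip(".")
    return any((host == e[1:] or host.endswith(e)) if e.startswith(".") else host == e
               for e in allowed)

def is_public_address(addr: str) -> bool:
    """False for loopback, RFC 1918, link-local (so 169.254.169.254), ULA, multicast."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return ip.is_global and not ip.is_multicast

def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def validate_base_url(url: str, allowed: list, resolve: Resolver = system_resolver) -> str:
    """Return 'https://host[:port]' or raise ValueError naming the failed check."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError(f"scheme must be https, got {parts.scheme!r}")
    if not host:
        raise ValueError("URL has no host")
    if parts.username or parts.password:
        raise ValueError("userinfo in URL is not allowed")
    if is_ip_literal(host):
        raise ValueError("IP literal hosts are not allowed")
    if not host_in_allowlist(host, allowed):
        raise ValueError(f"{host} is not in MCP_ALLOWED_URL_DOMAINS")
    addrs = list(resolve(host))
    if not addrs:
        raise ValueError(f"{host} does not resolve")
    for addr in addrs:  # DNS lookahead: every record must be public, not just the first
        if not is_public_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    port = f":{parts.port}" if parts.port else ""
    return f"https://{host}{port}"

def evaluate_header(headers: dict, allowed: list, resolve: Resolver, default: str) -> tuple:
    """Hardened pattern: (accepted, base_url_or_reason); no header -> configured default."""
    raw = headers.get(HEADER)
    if raw is None:
        return True, default
    try:
        return True, validate_base_url(raw, allowed, resolve)
    except ValueError as exc:
        return False, str(exc)

# Constructed DNS records for an offline demo; the addresses are illustrative only.
FAKE_DNS = {"jira.example.com": ["93.184.216.34"],
            "rebind.corp.example": ["93.184.216.34", "10.0.0.5"],
            "imds.corp.example": ["169.254.169.254"]}

def fake_resolver(host: str) -> list:
    return FAKE_DNS.get(host, [])

if __name__ == "__main__":
    allowed = allowed_domains_from_env({"MCP_ALLOWED_URL_DOMAINS": "jira.example.com, .corp.example"})
    for url in ("https://jira.example.com/rest/api/2", "http://jira.example.com",
                "https://169.254.169.254/latest/meta-data/", "https://imds.corp.example",
                "https://rebind.corp.example", "https://jira.example.com@localhost/"):
        print(url, "->", evaluate_header({HEADER: url}, allowed, fake_resolver, "https://default.example"))
```

Two caveats that the check alone does not cover. First, validating the resolved address and then letting the HTTP client resolve the name again leaves a rebinding window; production code should connect to the address it validated, or re-run the address check at connect time. Second, an allowlisted host can still answer with a 3xx redirect to an internal address, so the outbound client must either refuse redirects or re-validate every hop. Step 5 of the remediation is satisfied when a request carrying, say, `X-Atlassian-Jira-Url: https://169.254.169.254/latest/meta-data/` is answered with an error and produces no outbound connection from the host.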

Read the full report for CVE-2026-27826 on our website for more details including interactive diagrams and full exploit analysis.
