CRITICAL9.0CVE-2026-27825MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
from 0, < 0.17.0
HIGH8.2CVE-2026-27826MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers