{"data":{"id":"3318c9fa-3193-49c0-b635-2e09f4d9365a","title":"GHSA-xjgw-4wvw-rgm4: MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment","summary":"The MCP Atlassian tool's `confluence_download_attachment` function has a critical vulnerability where it writes downloaded files to any path on the system without checking directory boundaries. An attacker who can upload a malicious attachment to Confluence and call this tool can write arbitrary content anywhere the server process has write permissions, enabling arbitrary code execution (the ability to run any commands on the system), such as by writing a malicious cron job (a scheduled task) to execute automatically.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-xjgw-4wvw-rgm4","publishedAt":"2026-03-10T18:56:07.000Z","cveId":"CVE-2026-27825","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["mcp-atlassian@< 0.17.0 (fixed: 0.17.0)"],"affectedVendors":[],"affectedVendorsRaw":["Atlassian","MCP"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-10T18:56:07.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}