GHSA-xjgw-4wvw-rgm4: MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
criticalvulnerability
security
Summary
The MCP Atlassian tool's `confluence_download_attachment` function has a critical vulnerability where it writes downloaded files to any path on the system without checking directory boundaries. An attacker who can upload a malicious attachment to Confluence and call this tool can write arbitrary content anywhere the server process has write permissions, enabling arbitrary code execution (the ability to run any commands on the system), such as by writing a malicious cron job (a scheduled task) to execute automatically.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Patch Available
Yes
Disclosure Date
March 10, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Affected Packages
mcp-atlassian@< 0.17.0 (fixed: 0.17.0)
Related Issues
Original source: https://github.com/advisories/GHSA-xjgw-4wvw-rgm4
First tracked: March 10, 2026 at 04:00 PM
Classified by LLM (prompt v3) · confidence: 85%