GHSA-g5r6-gv6m-f5jv: mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment
Summary
The mcp-atlassian tool's `confluence_upload_attachment` function has a critical vulnerability where it reads files from any path without validation, allowing authenticated users or AI agents tricked via prompt injection (hidden malicious instructions in text input) to steal sensitive files like SSH keys and environment variables containing API credentials. Attackers can exploit this by manipulating an AI agent to upload protected files to Confluence, or by directly calling the vulnerable function if they have MCP (model context protocol, a tool-calling interface) access.
Solution / Mitigation
Add `validate_safe_path(file_path)` before the `open(file_path, "rb")` call in the `_upload_attachment_direct()` function in `src/mcp_atlassian/confluence/attachments.py`. This validation function already exists and is used correctly in the `download_attachment()` function in the same file.
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-g5r6-gv6m-f5jv
First tracked: July 10, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 92%