The mcp-atlassian Model Context Protocol server contains a high-severity Server-Side Request Forgery vulnerability in its custom HTTP header parsing logic. An unauthenticated attacker can supply arbitrary URLs in specially crafted HTTP headers, causing the MCP server to issue requests to internal services that should be unreachable from external networks.
This is the second critical CVE in mcp-atlassian disclosed within 24 hours; the first, CVE-2026-27825, is a critical arbitrary file write via path traversal in the Confluence attachment downloader. Both vulnerabilities require no authentication, so any network-accessible mcp-atlassian instance is exposed without user interaction.
Any enterprise AI agent integrated with Jira or Confluence via mcp-atlassian is potentially a pivot point into the organization's internal network. Blast radius scales with agent privilege: an agent with broad Atlassian access can be weaponized to probe or exfiltrate data from internal services (databases, metadata APIs, internal tools) that the MCP server can reach but external attackers cannot.
Immediate recommendation: Audit all active mcp-atlassian deployments and restrict network access to the MCP server. Apply the vendor patch as soon as it is available; until then, treat mcp-atlassian instances as high-risk infrastructure requiring network segmentation.