https://vulnerability.circl.lu/sightings/feed 2026-06-05T10:23:31.098122+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/d83785a4-835a-4d71-ae72-3143b39a45bd/export 2026-06-05T10:23:31.464361+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "d83785a4-835a-4d71-ae72-3143b39a45bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-27826", "type": "published-proof-of-concept", "source": "https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-7r34-79r5-rcc9", "content": "", "creation_timestamp": "2026-02-24T11:57:17.000000Z"} 2026-02-24T11:57:17+00:00 https://vulnerability.circl.lu/sighting/3c322502-9584-4782-910a-dcabe36c0e91/export 2026-06-05T10:23:31.464246+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "3c322502-9584-4782-910a-dcabe36c0e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://gist.github.com/alon710/318772c839d4af9a91549fceab76247e", "content": "", "creation_timestamp": "2026-03-10T19:10:06.000000Z"} 2026-03-10T19:10:06+00:00 https://vulnerability.circl.lu/sighting/16a6b27c-550e-404e-b85f-e06b979e8e39/export 2026-06-05T10:23:31.464120+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "16a6b27c-550e-404e-b85f-e06b979e8e39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://gist.github.com/alon710/466922a78fd1f1a990595c00598870a1", "content": "", "creation_timestamp": "2026-03-10T19:40:06.000000Z"} 2026-03-10T19:40:06+00:00 https://vulnerability.circl.lu/sighting/a90a0b25-3976-46d0-9d11-b81ba0475f36/export 2026-06-05T10:23:31.463969+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "a90a0b25-3976-46d0-9d11-b81ba0475f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjfaqdhi6q2p", "content": "", "creation_timestamp": "2026-04-13T16:07:07.430709Z"} 2026-04-13T16:07:07.430709+00:00 https://vulnerability.circl.lu/sighting/19950851-adb3-45ad-b064-9c07e2dde678/export 2026-06-05T10:23:31.462105+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "19950851-adb3-45ad-b064-9c07e2dde678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116536100010719335", "content": "(bishopfox.com) SSRF and Token Passthrough in MCP Servers: Old Vulnerabilities in New Integrations\nCritical SSRF-to-RCE chain (CVE-2026-27826) in mcp-atlassian highlights resurgent risks in MCP server integrations. Attackers exploit lax URL validation to access internal systems, cloud metadata, or achieve RCE via path traversal (CVE-2026-27825).\nIn brief - SSRF and token passthrough vulnerabilities in MCP servers (e.g., Atlassian, Microsoft) enable unauthorized access to internal resources, credential exfiltration, and RCE. Mitigations include strict destination validation and network segmentation.\nTechnically - MCP servers accepting arbitrary URIs without validation (e.g., mcp-atlassian\u2019s custom header injection) allow SSRF targeting localhost/cloud metadata (AWS 169.254.169.254). Token passthrough flaws violate OAuth principles, enabling security control bypass. Mitigations: block private IP ranges, enforce allowlists, and adopt RFC 8693 for scoped token exchange.\nSource: https://bishopfox.com/blog/otto-support-ssrf-token-passthrough-with-mcp\n#Cybersecurity #ThreatIntel", "creation_timestamp": "2026-05-08T02:20:58.983689Z"} 2026-05-08T02:20:58.983689+00:00