{"vulnerability": "CVE-2026-27826", "sightings": [{"uuid": "3c322502-9584-4782-910a-dcabe36c0e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://gist.github.com/alon710/318772c839d4af9a91549fceab76247e", "content": "", "creation_timestamp": "2026-03-10T19:10:06.000000Z"}, {"uuid": "16a6b27c-550e-404e-b85f-e06b979e8e39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://gist.github.com/alon710/466922a78fd1f1a990595c00598870a1", "content": "", "creation_timestamp": "2026-03-10T19:40:06.000000Z"}, {"uuid": "a90a0b25-3976-46d0-9d11-b81ba0475f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjfaqdhi6q2p", "content": "", "creation_timestamp": "2026-04-13T16:07:07.430709Z"}, {"uuid": "19950851-adb3-45ad-b064-9c07e2dde678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116536100010719335", "content": "(bishopfox.com) SSRF and Token Passthrough in MCP Servers: Old Vulnerabilities in New Integrations\nCritical SSRF-to-RCE chain (CVE-2026-27826) in mcp-atlassian highlights resurgent risks in MCP server integrations. Attackers exploit lax URL validation to access internal systems, cloud metadata, or achieve RCE via path traversal (CVE-2026-27825).\nIn brief - SSRF and token passthrough vulnerabilities in MCP servers (e.g., Atlassian, Microsoft) enable unauthorized access to internal resources, credential exfiltration, and RCE. Mitigations include strict destination validation and network segmentation.\nTechnically - MCP servers accepting arbitrary URIs without validation (e.g., mcp-atlassian\u2019s custom header injection) allow SSRF targeting localhost/cloud metadata (AWS 169.254.169.254). Token passthrough flaws violate OAuth principles, enabling security control bypass. Mitigations: block private IP ranges, enforce allowlists, and adopt RFC 8693 for scoped token exchange.\nSource: https://bishopfox.com/blog/otto-support-ssrf-token-passthrough-with-mcp\n#Cybersecurity #ThreatIntel", "creation_timestamp": "2026-05-08T02:20:58.983689Z"}, {"uuid": "d83785a4-835a-4d71-ae72-3143b39a45bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-27826", "type": "published-proof-of-concept", "source": "https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-7r34-79r5-rcc9", "content": "", "creation_timestamp": "2026-02-24T11:57:17.000000Z"}, {"uuid": "39c21e66-737d-4e89-8d58-3836554f72dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://gist.github.com/alon710/bb39e6fca7620239b1bd8e5a02d98b4e", "content": "# GHSA-489G-7RXV-6C8Q: CVE-2026-27826: DNS Rebinding TOCTOU Bypass in mcp-atlassian Server\n\n&gt; **CVSS Score:** 8.2\n&gt; **Published:** 2026-07-10\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-489G-7RXV-6C8Q\n\n## Summary\nA DNS-rebinding Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mcp-atlassian server before version 0.17.0. The server processes unauthenticated client-supplied URLs via custom headers, validating the destination IP but failing to pin the resolved address before connecting. This allows remote adjacent-network attackers to achieve Server-Side Request Forgery (SSRF) and access restricted resources or cloud metadata services.\n\n## TL;DR\nUnauthenticated users can bypass SSRF protections via DNS rebinding (TOCTOU) in mcp-atlassian, gaining access to internal endpoints and cloud provider metadata.\n\n## Technical Details\n\n- **CWE ID**: CWE-918, CWE-367\n- **Attack Vector**: Adjacent Network (AV:A)\n- **CVSS Score**: 8.2\n- **EPSS Score**: 14.96%\n- **Exploit Status**: Proof of Concept / Active\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- mcp-atlassian\n- **mcp-atlassian**: &lt; 0.17.0 (Fixed in: `0.17.0`)\n\n## Mitigation\n\n- Upgrade mcp-atlassian to version 0.17.0 or higher\n- Configure the MCP_ALLOWED_URL_DOMAINS environment variable\n- Apply network-level firewall blocks (iptables) to restrict egress to internal ranges\n\n**Remediation Steps:**\n1. Verify current version of mcp-atlassian using pip show mcp-atlassian\n2. Update the package to version 0.17.0 or above: pip install --upgrade mcp-atlassian\n3. Restart the server process to apply the changes\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-489G-7RXV-6C8Q) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-10T18:42:23.218032Z"}]}