{"vulnerability": "CVE-2026-27826", "sightings": [{"uuid": "a90a0b25-3976-46d0-9d11-b81ba0475f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjfaqdhi6q2p", "content": "", "creation_timestamp": "2026-04-13T16:07:07.430709Z"}, {"uuid": "19950851-adb3-45ad-b064-9c07e2dde678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116536100010719335", "content": "(bishopfox.com) SSRF and Token Passthrough in MCP Servers: Old Vulnerabilities in New Integrations\nCritical SSRF-to-RCE chain (CVE-2026-27826) in mcp-atlassian highlights resurgent risks in MCP server integrations. Attackers exploit lax URL validation to access internal systems, cloud metadata, or achieve RCE via path traversal (CVE-2026-27825).\nIn brief - SSRF and token passthrough vulnerabilities in MCP servers (e.g., Atlassian, Microsoft) enable unauthorized access to internal resources, credential exfiltration, and RCE. Mitigations include strict destination validation and network segmentation.\nTechnically - MCP servers accepting arbitrary URIs without validation (e.g., mcp-atlassian\u2019s custom header injection) allow SSRF targeting localhost/cloud metadata (AWS 169.254.169.254). Token passthrough flaws violate OAuth principles, enabling security control bypass. Mitigations: block private IP ranges, enforce allowlists, and adopt RFC 8693 for scoped token exchange.\nSource: https://bishopfox.com/blog/otto-support-ssrf-token-passthrough-with-mcp\n#Cybersecurity #ThreatIntel", "creation_timestamp": "2026-05-08T02:20:58.983689Z"}, {"uuid": "3c322502-9584-4782-910a-dcabe36c0e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://gist.github.com/alon710/318772c839d4af9a91549fceab76247e", "content": "", "creation_timestamp": "2026-03-10T19:10:06.000000Z"}, {"uuid": "16a6b27c-550e-404e-b85f-e06b979e8e39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://gist.github.com/alon710/466922a78fd1f1a990595c00598870a1", "content": "", "creation_timestamp": "2026-03-10T19:40:06.000000Z"}]}