Vulnerability-Lookup

CVE-2026-41293 (GCVE-0-2026-41293)

Vulnerability from cvelistv5 – Published: 2026-05-12 15:19 – Updated: 2026-05-14 19:54

Title

Apache Tomcat: HTTP/2 request headers not validated

Summary

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

apache

References

2 references

URL	Tags
https://lists.apache.org/thread/qwg0q16z7xkb2qrr8…	vendor-advisory
http://www.openwall.com/lists/oss-security/2026/0…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.21 (semver) Affected: 10.1.0-M1 , ≤ 10.1.54 (semver) Affected: 9.0.0.M1 , ≤ 9.0.117 (semver) Affected: 10.0.0-M1 , ≤ 10.0.27 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver)

Credits

Dawit Jeong (@dawitngoliath)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-12T17:40:57.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/12/13"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-41293",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T16:40:13.006509Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T19:54:07.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.21",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.54",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.117",
              "status": "affected",
              "version": "9.0.0.M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "affected",
              "version": "10.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dawit Jeong (@dawitngoliath)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Input Validation vulnerability in Apache Tomcat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27.\u003cbr\u003eOlder, end of support versions may also be affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27.\nOlder, end of support versions may also be affected.\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T15:19:35.179Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: HTTP/2 request headers not validated",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-41293",
    "datePublished": "2026-05-12T15:19:35.179Z",
    "dateReserved": "2026-04-20T10:26:28.623Z",
    "dateUpdated": "2026-05-14T19:54:07.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-41293",
      "date": "2026-06-24",
      "epss": "0.00996",
      "percentile": "0.58184"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-41293\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-05-12T16:16:17.553\",\"lastModified\":\"2026-05-15T15:57:18.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability in Apache Tomcat.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27.\\nOlder, end of support versions may also be affected.\\n\\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.100\",\"matchCriteriaId\":\"FF43D0D7-FBF3-4D7A-84C4-47B65A75A524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.118\",\"matchCriteriaId\":\"1E5A897C-91F4-449E-984C-7D693B137EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.0.27\",\"matchCriteriaId\":\"A1B15E74-3CBE-438A-AF89-84BFAB3C1639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.55\",\"matchCriteriaId\":\"5F289287-8587-4BB3-B4AB-3B5CF4A7D27A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.22\",\"matchCriteriaId\":\"03FB799D-A66F-4792-A0CF-16D67BB53F08\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/05/12/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2026-1514

Vulnerability from csaf_certbund - Published: 2026-05-12 22:00 - Updated: 2026-06-11 22:00

Summary

Apache Tomcat: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Daten zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen oder andere, nicht spezifizierte bezeichnete Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-41284

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Apache Tomcat <10.1.55 Apache / Tomcat		<10.1.55
Apache Tomcat <11.0.22 Apache / Tomcat		<11.0.22
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Apache Tomcat <9.0.118 Apache / Tomcat		<9.0.118
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-41293

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Apache Tomcat <10.1.55 Apache / Tomcat		<10.1.55
Apache Tomcat <11.0.22 Apache / Tomcat		<11.0.22
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Apache Tomcat <9.0.118 Apache / Tomcat		<9.0.118
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-42498

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Apache Tomcat <10.1.55 Apache / Tomcat		<10.1.55
Apache Tomcat <11.0.22 Apache / Tomcat		<11.0.22
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Apache Tomcat <9.0.118 Apache / Tomcat		<9.0.118
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-43512

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Apache Tomcat <10.1.55 Apache / Tomcat		<10.1.55
Apache Tomcat <11.0.22 Apache / Tomcat		<11.0.22
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Apache Tomcat <9.0.118 Apache / Tomcat		<9.0.118
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-43513

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Apache Tomcat <10.1.55 Apache / Tomcat		<10.1.55
Apache Tomcat <11.0.22 Apache / Tomcat		<11.0.22
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Apache Tomcat <9.0.118 Apache / Tomcat		<9.0.118
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-43514

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Apache Tomcat <10.1.55 Apache / Tomcat		<10.1.55
Apache Tomcat <11.0.22 Apache / Tomcat		<11.0.22
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Apache Tomcat <9.0.118 Apache / Tomcat		<9.0.118
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

CVE-2026-43515

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Apache Tomcat <10.1.55 Apache / Tomcat		<10.1.55
Apache Tomcat <11.0.22 Apache / Tomcat		<11.0.22
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Apache Tomcat <9.0.118 Apache / Tomcat		<9.0.118
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—

References

26 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://tomcat.apache.org/tomcat-9.0-doc/changelo…	external
https://tomcat.apache.org/tomcat-10.1-doc/changel…	external
https://tomcat.apache.org/tomcat-11.0-doc/changel…	external
https://seclists.org/oss-sec/2026/q2/499	external
https://seclists.org/oss-sec/2026/q2/500	external
https://seclists.org/oss-sec/2026/q2/501	external
https://seclists.org/oss-sec/2026/q2/495	external
https://seclists.org/oss-sec/2026/q2/496	external
https://seclists.org/oss-sec/2026/q2/497	external
https://seclists.org/oss-sec/2026/q2/498	external
https://access.redhat.com/errata/RHSA-2026:13745	external
https://access.redhat.com/errata/RHSA-2026:16528	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.opensuse.org/archives/list/security…	external
https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2026…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://security-tracker.debian.org/tracker/DSA-6329-1	external
https://security-tracker.debian.org/tracker/DSA-6328-1	external
https://ubuntu.com/security/notices/USN-8417-1	external
https://access.redhat.com/errata/RHSA-2026:25123	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, Daten zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder andere, nicht spezifizierte bezeichnete Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1514 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1514.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1514 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1514"
      },
      {
        "category": "external",
        "summary": "Tomcat 9.0.118 Changelog vom 2026-05-12",
        "url": "https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.118_%28remm%29"
      },
      {
        "category": "external",
        "summary": "Tomcat 10.1.55 Changelog vom 2026-05-12",
        "url": "https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.55_%28schultz%29"
      },
      {
        "category": "external",
        "summary": "Tomcat 11.0.22 Changelog vom 2026-05-12",
        "url": "https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.22_%28markt%29"
      },
      {
        "category": "external",
        "summary": "CVE-2026-41284: Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling vom 2026-05-12",
        "url": "https://seclists.org/oss-sec/2026/q2/499"
      },
      {
        "category": "external",
        "summary": "CVE-2026-41293: Apache Tomcat: HTTP/2 request headers not validated vom 2026-05-12",
        "url": "https://seclists.org/oss-sec/2026/q2/500"
      },
      {
        "category": "external",
        "summary": "CVE-2026-42498: Apache Tomcat: WebSocket authentication header exposure vom 2026-05-12",
        "url": "https://seclists.org/oss-sec/2026/q2/501"
      },
      {
        "category": "external",
        "summary": "CVE-2026-43512: Apache Tomcat: Digest authenticator will authenticate any unknown user vom 2026-05-12",
        "url": "https://seclists.org/oss-sec/2026/q2/495"
      },
      {
        "category": "external",
        "summary": "CVE-2026-43513: Apache Tomcat: LockOutRealm treats user names as case-sensitive vom 2026-05-12",
        "url": "https://seclists.org/oss-sec/2026/q2/496"
      },
      {
        "category": "external",
        "summary": "CVE-2026-43514: Apache Tomcat: AJP secret compared in non-constant time vom 2026-05-12",
        "url": "https://seclists.org/oss-sec/2026/q2/497"
      },
      {
        "category": "external",
        "summary": "CVE-2026-43515: Apache Tomcat: Security constraints not correctly applied vom 2026-05-12",
        "url": "https://seclists.org/oss-sec/2026/q2/498"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13745 vom 2026-05-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:13745"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:16528 vom 2026-05-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:16528"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10926-1 vom 2026-06-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EAWPQZS5U2ZRRCJCB7SUATFWSLFSQJ45/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10927-1 vom 2026-06-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I5CAG66XW37HZ5G7VC4CN4HMJYOCCYA6/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4619 vom 2026-06-07",
        "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00008.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10925-1 vom 2026-06-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CVVBYAOA37ASFUT7AGSXLIKJLFQDFQ6F/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2026-026 vom 2026-06-08",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2026-026.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2299-1 vom 2026-06-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026605.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6329 vom 2026-06-08",
        "url": "https://security-tracker.debian.org/tracker/DSA-6329-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6328 vom 2026-06-08",
        "url": "https://security-tracker.debian.org/tracker/DSA-6328-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8417-1 vom 2026-06-10",
        "url": "https://ubuntu.com/security/notices/USN-8417-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25123 vom 2026-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2026:25123"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2374-1 vom 2026-06-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026709.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2377-1 vom 2026-06-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026706.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Tomcat: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-12T07:38:03.471+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1514",
      "initial_release_date": "2026-05-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: GHSA-5M62-PW8W-7W9F"
        },
        {
          "date": "2026-05-28T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-07T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE und Debian aufgenommen"
        },
        {
          "date": "2026-06-08T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon, SUSE und Debian aufgenommen"
        },
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-06-10T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-11T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.0.118",
                "product": {
                  "name": "Apache Tomcat \u003c9.0.118",
                  "product_id": "T053965"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.118",
                "product": {
                  "name": "Apache Tomcat 9.0.118",
                  "product_id": "T053965-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:9.0.118"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.1.55",
                "product": {
                  "name": "Apache Tomcat \u003c10.1.55",
                  "product_id": "T053967"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.55",
                "product": {
                  "name": "Apache Tomcat 10.1.55",
                  "product_id": "T053967-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:10.1.55"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.22",
                "product": {
                  "name": "Apache Tomcat \u003c11.0.22",
                  "product_id": "T053968"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.22",
                "product": {
                  "name": "Apache Tomcat 11.0.22",
                  "product_id": "T053968-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:11.0.22"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tomcat"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-41284",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T053967",
          "T053968",
          "T027843",
          "T053965",
          "398363"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-41284"
    },
    {
      "cve": "CVE-2026-41293",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T053967",
          "T053968",
          "T027843",
          "T053965",
          "398363"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-41293"
    },
    {
      "cve": "CVE-2026-42498",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T053967",
          "T053968",
          "T027843",
          "T053965",
          "398363"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-42498"
    },
    {
      "cve": "CVE-2026-43512",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T053967",
          "T053968",
          "T027843",
          "T053965",
          "398363"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-43512"
    },
    {
      "cve": "CVE-2026-43513",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T053967",
          "T053968",
          "T027843",
          "T053965",
          "398363"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-43513"
    },
    {
      "cve": "CVE-2026-43514",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T053967",
          "T053968",
          "T027843",
          "T053965",
          "398363"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-43514"
    },
    {
      "cve": "CVE-2026-43515",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T053967",
          "T053968",
          "T027843",
          "T053965",
          "398363"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-43515"
    }
  ]
}

WID-SEC-W-2026-1955

Vulnerability from csaf_certbund - Published: 2026-06-16 22:00 - Updated: 2026-06-17 22:00

Summary

Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Confluence ist eine kommerzielle Wiki-Software. Fisheye ist ein Quellcode-Repository-Browser für Unternehmensteams. Crucible ist eine Code-Review-Lösung für Unternehmensteams. Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management ausnutzen, um beliebigen Code auszuführen, erweiterte Berechtigungen zu erlangen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2019-11272

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2021-3803

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2022-1471

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2022-22965

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2022-22978

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2022-31692

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2024-22257

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2025-22228

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-22732

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-24734

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-26996

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-27903

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-27904

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-29129

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-33870

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-33871

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-34077

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-34486

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-34487

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-40175

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-41044

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-41284

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-41293

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42033

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42035

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42038

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42043

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42198

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42211

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42264

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42342

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42498

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42579

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42581

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42583

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42584

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42585

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42587

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-43512

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-43513

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-43515

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44486

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44487

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44488

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44492

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44495

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44496

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-45149

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-45736

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://access.redhat.com/errata/RHSA-2026:22380	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nFisheye ist ein Quellcode-Repository-Browser f\u00fcr Unternehmensteams. \r\nCrucible ist eine Code-Review-L\u00f6sung f\u00fcr Unternehmensteams.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management ausnutzen, um beliebigen Code auszuf\u00fchren, erweiterte Berechtigungen zu erlangen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1955 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1955.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1955 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1955"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin Juni vom 2026-06-16",
        "url": "https://confluence.atlassian.com/security/security-bulletin-june-16-2026-1796309326.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22380 vom 2026-06-18",
        "url": "https://access.redhat.com/errata/RHSA-2026:22380"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-17T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-18T07:59:55.017+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1955",
      "initial_release_date": "2026-06-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c12.1.8",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c12.1.8",
                  "product_id": "T055489"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 12.1.8",
                "product": {
                  "name": "Atlassian Bamboo Data Center 12.1.8",
                  "product_id": "T055489-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__12.1.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.20",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c10.2.20",
                  "product_id": "T055490"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.20",
                "product": {
                  "name": "Atlassian Bamboo Data Center 10.2.20",
                  "product_id": "T055490-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__10.2.20"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.4",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c10.2.4",
                  "product_id": "T055492"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.4",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 10.2.4",
                  "product_id": "T055492-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__10.2.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.4.21",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c9.4.21",
                  "product_id": "T055493"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.4.21",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 9.4.21",
                  "product_id": "T055493-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__9.4.21"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.3.1",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c10.3.1",
                  "product_id": "T055494"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.3.1",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 10.3.1",
                  "product_id": "T055494-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__10.3.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.13",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c10.2.13",
                  "product_id": "T055495"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.13",
                "product": {
                  "name": "Atlassian Confluence Data Center 10.2.13",
                  "product_id": "T055495-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__10.2.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.2.21",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c9.2.21",
                  "product_id": "T055496"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.2.21",
                "product": {
                  "name": "Atlassian Confluence Data Center 9.2.21",
                  "product_id": "T055496-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__9.2.21"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.9.11",
                "product": {
                  "name": "Atlassian Crucible \u003c4.9.11",
                  "product_id": "T055498"
                }
              },
              {
                "category": "product_version",
                "name": "4.9.11",
                "product": {
                  "name": "Atlassian Crucible 4.9.11",
                  "product_id": "T055498-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:crucible:4.9.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Crucible"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.9.11",
                "product": {
                  "name": "Atlassian Fisheye \u003c4.9.11",
                  "product_id": "T055497"
                }
              },
              {
                "category": "product_version",
                "name": "4.9.11",
                "product": {
                  "name": "Atlassian Fisheye 4.9.11",
                  "product_id": "T055497-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:fisheye:4.9.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fisheye"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c11.3.7",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c11.3.7",
                  "product_id": "T055499"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 11.3.7",
                "product": {
                  "name": "Atlassian Jira Data Center 11.3.7",
                  "product_id": "T055499-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__11.3.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.3.22",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c10.3.22",
                  "product_id": "T055500"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.3.22",
                "product": {
                  "name": "Atlassian Jira Data Center 10.3.22",
                  "product_id": "T055500-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__10.3.22"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Service Management Data Center and Server \u003c11.3.7",
                "product": {
                  "name": "Atlassian Jira Service Management Data Center and Server \u003c11.3.7",
                  "product_id": "T055501"
                }
              },
              {
                "category": "product_version",
                "name": "Service Management Data Center and Server 11.3.7",
                "product": {
                  "name": "Atlassian Jira Service Management Data Center and Server 11.3.7",
                  "product_id": "T055501-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:service_management_data_center_and_server__11.3.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Service Management Data Center and Server \u003c10.3.22",
                "product": {
                  "name": "Atlassian Jira Service Management Data Center and Server \u003c10.3.22",
                  "product_id": "T055502"
                }
              },
              {
                "category": "product_version",
                "name": "Service Management Data Center and Server 10.3.22",
                "product": {
                  "name": "Atlassian Jira Service Management Data Center and Server 10.3.22",
                  "product_id": "T055502-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:service_management_data_center_and_server__10.3.22"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-11272",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2019-11272"
    },
    {
      "cve": "CVE-2021-3803",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2022-1471",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-22965",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2022-22965"
    },
    {
      "cve": "CVE-2022-22978",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2022-22978"
    },
    {
      "cve": "CVE-2022-31692",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2022-31692"
    },
    {
      "cve": "CVE-2024-22257",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2024-22257"
    },
    {
      "cve": "CVE-2025-22228",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2025-22228"
    },
    {
      "cve": "CVE-2026-22732",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-22732"
    },
    {
      "cve": "CVE-2026-24734",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-24734"
    },
    {
      "cve": "CVE-2026-26996",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-26996"
    },
    {
      "cve": "CVE-2026-27903",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-27903"
    },
    {
      "cve": "CVE-2026-27904",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-27904"
    },
    {
      "cve": "CVE-2026-29129",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-33870",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-33870"
    },
    {
      "cve": "CVE-2026-33871",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-33871"
    },
    {
      "cve": "CVE-2026-34077",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-34077"
    },
    {
      "cve": "CVE-2026-34486",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-40175",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-40175"
    },
    {
      "cve": "CVE-2026-41044",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-41044"
    },
    {
      "cve": "CVE-2026-41284",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-41284"
    },
    {
      "cve": "CVE-2026-41293",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-41293"
    },
    {
      "cve": "CVE-2026-42033",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42033"
    },
    {
      "cve": "CVE-2026-42035",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42035"
    },
    {
      "cve": "CVE-2026-42038",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42038"
    },
    {
      "cve": "CVE-2026-42043",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42043"
    },
    {
      "cve": "CVE-2026-42198",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42198"
    },
    {
      "cve": "CVE-2026-42211",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42211"
    },
    {
      "cve": "CVE-2026-42264",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42264"
    },
    {
      "cve": "CVE-2026-42342",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42342"
    },
    {
      "cve": "CVE-2026-42498",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42498"
    },
    {
      "cve": "CVE-2026-42579",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42579"
    },
    {
      "cve": "CVE-2026-42581",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42581"
    },
    {
      "cve": "CVE-2026-42583",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42583"
    },
    {
      "cve": "CVE-2026-42584",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42584"
    },
    {
      "cve": "CVE-2026-42585",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42585"
    },
    {
      "cve": "CVE-2026-42587",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42587"
    },
    {
      "cve": "CVE-2026-43512",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-43512"
    },
    {
      "cve": "CVE-2026-43513",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-43513"
    },
    {
      "cve": "CVE-2026-43515",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-43515"
    },
    {
      "cve": "CVE-2026-44486",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44486"
    },
    {
      "cve": "CVE-2026-44487",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44487"
    },
    {
      "cve": "CVE-2026-44488",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44488"
    },
    {
      "cve": "CVE-2026-44492",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44492"
    },
    {
      "cve": "CVE-2026-44495",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44495"
    },
    {
      "cve": "CVE-2026-44496",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44496"
    },
    {
      "cve": "CVE-2026-45149",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-45149"
    },
    {
      "cve": "CVE-2026-45736",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-45736"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-41293 (GCVE-0-2026-41293)

WID-SEC-W-2026-1514

WID-SEC-W-2026-1955

Tags

Sightings

Nomenclature