
[CIAD-2026-0003] Multiple Vulnerabilities in Atlassian Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: High
Software Affected
Bamboo Data Center and Server
Bitbucket Data Center and Server
Confluence Data Center and Server
Crowd Data Center and Server
Jira Data Center and Server
Jira Service Management Data Center and Server
Overview
Multiple vulnerabilities have been reported in Atlassian products which could allow a remote attacker to perform XML External Entity (XXE) injection, Server-Side Request Forgery (SSRF), remote code execution, man-in-the-middle and cross-site scripting attacks, and cause Denial of Service (DoS) conditions on the targeted system.
Target Audience:
All end-user organisations and individuals using Atlassian applications.
Risk Assessment:
High risk of remote code execution, privilege escalation, authentication bypass, malicious code injection, or an attacker gaining elevated privileges within the affected environment.
Impact Assessment:
Potential for unauthorized access to Atlassian instances, data manipulation, service disruption, and compromise of connected systems.
Description
Multiple vulnerabilities have been reported in various Atlassian Products.
Solution
Apply the appropriate updates as mentioned in the Atlassian security bulletin:
https://confluence.atlassian.com/security/security-bulletin-january-20-2026-1712324819.html
References
Atlassian
https://confluence.atlassian.com/security/security-bulletin-january-20-2026-1712324819.html
CVE Name
CVE-2025-54988
CVE-2025-12383
CVE-2025-55163
CVE-2025-27152
CVE-2025-52999
CVE-2024-38286
CVE-2025-48989
CVE-2025-55752
CVE-2025-41249
CVE-2025-66516
CVE-2025-53689
CVE-2025-49146
CVE-2026-21569
CVE-2025-48976
CVE-2025-64775
CVE-2025-15284
CVE-2025-52434
CVE-2024-21538
CVE-2021-3807
CVE-2025-9288
CVE-2025-9287
CVE-2024-45801
CVE-2022-25883
CVE-2024-45296
CVE-2022-45693
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


