CVE-2026-21569

CWE-611 — XML External Entity (XXE)4 documents4 sources

Severity

7.9HIGH

EPSS

0.0%

top 94.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Crowd Atlassian Crowd Data Center

Timeline

PublishedJan 28

Description

This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high impact to confidentiality, low impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Crowd Data Center and Server customers upgrade to latest v…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5atlassian/crowd_data_center7.1.0 to 7.1.2

▶NVDatlassian/crowd7.1.0 — 7.1.3

🔴Vulnerability Details

GHSA

GHSA-5x73-r429-p343: This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7↗2026-01-28

▶

CVEList

CVE-2026-21569: This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7↗2026-01-28

▶

🕵️Threat Intelligence

Wiz

CVE-2026-21569 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶