Atlassian Bamboo Data Center vulnerabilities
17 known vulnerabilities affecting atlassian/bamboo_data_center.
Total CVEs: 17
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 13
Vulnerabilities
CVE-2026-21571 | CRITICAL | CWE-78 | CVSS 9.4 | v12.1.0 to 12.1.3; v12.0.0 to 12.0.2; +5 more | 2026-04-21
This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H allows an authenti
nvd
CVE-2026-21570 | HIGH | CWE-94 | CVSS 8.6 | v12.1.0 to 12.1.2; v12.0.0 to 12.0.2; +5 more | 2026-03-17
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system.
Atlassian recommends
nvd
CVE-2024-47561 | CRITICAL | CVSS 10.0 | 2024-11-19
CVE-2024-47561 [CRITICAL] CVE-2024-47561: RCE (Remote Code Execution) org.apache.avro:avro Dependency in Bamboo Data Center and Server
CVE: CVE-2024-47561
Affected products: Bamboo Data Center
atlassian
CVE-2024-21689 | HIGH | CWE-94 | CVSS 8.0 | v9.6.0 to 9.6.4; v9.5.0 to 9.5.4; +4 more | 2024-08-20
This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiali
nvd
CVE-2024-21687 | HIGH | CWE-98 | CVSS 8.1 | v9.6.0 to 9.6.3; v9.5.0 to 9.5.4; +4 more | 2024-07-16
This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server.
This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the contents of a local file, or execute a different files alread
nvd, atlassian
CVE-2024-1597 | CRITICAL | CVSS 9.5 | 2024-03-19
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Bamboo Data Center and Server NOTE : CVE-2024-1597 is a critical vulnerability in a non-Atlassian Bamboo dependency. However, Atlassian’s application of the dependency pre
atlassian
CVE-2018-10054 | HIGH | CVSS 2.0 | PoC | 2024-01-16
CVE-2018-10054 [HIGH] CVE-2018-10054: RCE (Remote Code Execution) com.h2database:h2 Dependency in Bamboo Data Center and Server
CVE: CVE-2018-10054
Severity: HIGH
Affected products: Bamboo Data Center
atlassian
CVE-2017-7957 | HIGH | CVSS 7.5 | 2024-01-16
CVE-2017-7957 [HIGH] CVE-2017-7957: DoS (Denial of Service) org.jvnet.hudson:xstream Dependency in Bamboo Data Center and Server
CVE: CVE-2017-7957
Severity: HIGH
Affected products: Bamboo Data Center
atlassian
CVE-2022-4244 | HIGH | CVSS 7.5 | 2024-01-16
CVE-2022-4244 [HIGH] CVE-2022-4244: Info Disclosure org.codehaus.plexus:plexus-utils Dependency in Bamboo Data Center and Server
CVE: CVE-2022-4244
Severity: HIGH
Affected products: Bamboo Data Center
atlassian
CVE-2020-26217 | HIGH | CVSS 8.8 | PoC | 2024-01-16
CVE-2020-26217 [HIGH] CVE-2020-26217: RCE (Remote Code Execution) org.jvnet.hudson:xstream Dependency in Bamboo Data Center and Server
CVE: CVE-2020-26217
Severity: HIGH
Affected products: Bamboo Data Center
atlassian
CVE-2022-40152 | HIGH | CVSS 7.5 | 2024-01-16
CVE-2022-40152 [MEDIUM] CVE-2022-40152: DoS (Denial of Service) com.fasterxml.woodstox:woodstox-core Dependency in Bamboo Data Center and Server
CVE: CVE-2022-40152
Severity: HIGH
Affected products: Bamboo Data Center
atlassian
CVE-2023-39410 | HIGH | CVSS 7.5 | 2024-01-16
CVE-2023-39410 [HIGH] CVE-2023-39410: DoS (Denial of Service) org.apache.avro:avro Dependency in Bamboo Data Center and Server
CVE: CVE-2023-39410
Severity: HIGH
Affected products: Bamboo Data Center
atlassian
CVE-2023-22516 | HIGH | CVSS 8.8 | v>= 8.1.0; v>= 8.1.1; +37 more | 2023-11-21
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to int
nvd, atlassian
CVE-2023-34396 | HIGH | CVSS 7.5 | 2023-11-21
CVE-2023-34396 [MEDIUM] CVE-2023-34396: DoS (Denial of Service) apache-struts in Bamboo Data Center and Server
CVE: CVE-2023-34396
Severity: HIGH
Affected products: Bamboo Data Center
atlassian
CVE-2023-22506 | HIGH | CWE-94 | CVSS 8.8 | ≥ 8.0.0, < 9.2.3; v>= 8.0.0 | 2023-07-19
This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center.
This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which
nvd
CVE-2022-26136 | CRITICAL | CWE-180 | CVSS 9.8 | ≥ unspecified, < 8.0.9; ≥ 8.1.0, < unspecified; +3 more | 2022-07-20
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released update
nvd
CVE-2022-26137 | HIGH | CWE-180 | CVSS 8.8 | ≥ unspecified, < 8.0.9; ≥ 8.1.0, < unspecified; +3 more | 2022-07-20
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a speci
nvd