PT-2026-25921 · Atlassian · Bamboo

Security Metrics Bot

Publicado

2026-03-17

Atualizado

2026-03-19

CVE-2026-21570

CVSS v4.0

8.6

Alta

Vetor

AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Bamboo Data Center versions 9.6.0 through 9.6.23 Bamboo Data Center versions 10.0.0 through 10.1.0 Bamboo Data Center versions 10.2.0 through 10.2.15 Bamboo Data Center versions 11.0.0 through 11.1.0 Bamboo Data Center versions 12.0.0 through 12.1.2

Description A high-severity Remote Code Execution (RCE) issue exists in Bamboo Data Center. This allows an authenticated attacker to execute malicious code on the remote system. The issue was reported through the Atlassian internal program.

Recommendations Bamboo Data Center versions 9.6.0 through 9.6.23: Upgrade to version 9.6.24 or later. Bamboo Data Center versions 10.0.0 through 10.1.0: Upgrade to version 10.2.16 or later. Bamboo Data Center versions 10.2.0 through 10.2.15: Upgrade to version 10.2.16 or later. Bamboo Data Center versions 11.0.0 through 11.1.0: Upgrade to version 12.1.3 or later. Bamboo Data Center versions 12.0.0 through 12.1.2: Upgrade to version 12.1.3 or later.

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2026-21570

Produtos afetados

Bamboo

PT-2026-25921 · Atlassian · Bamboo

CVE-2026-21570

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6