PT-2026-25921 · Atlassian · Bamboo
Security Metrics Bot · Published 2026-03-17 · Updated 2026-03-19
CVE-2026-21570
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Bamboo Data Center versions 9.6.0 through 9.6.23
Bamboo Data Center versions 10.0.0 through 10.1.0
Bamboo Data Center versions 10.2.0 through 10.2.15
Bamboo Data Center versions 11.0.0 through 11.1.0
Bamboo Data Center versions 12.0.0 through 12.1.2
Description
A high-severity Remote Code Execution (RCE) issue exists in Bamboo Data Center. This allows an authenticated attacker to execute malicious code on the remote system. The issue was reported through the Atlassian internal program.
Recommendations
Bamboo Data Center versions 9.6.0 through 9.6.23: Upgrade to version 9.6.24 or later.
Bamboo Data Center versions 10.0.0 through 10.1.0: Upgrade to version 10.2.16 or later.
Bamboo Data Center versions 10.2.0 through 10.2.15: Upgrade to version 10.2.16 or later.
Bamboo Data Center versions 11.0.0 through 11.1.0: Upgrade to version 12.1.3 or later.
Bamboo Data Center versions 12.0.0 through 12.1.2: Upgrade to version 12.1.3 or later.
Fix
RCE
Code Injection
Affected Products
Bamboo