PT-2026-4358 · Atlassian · Crowd Server+1
Security Metrics Bot
·
Published
2026-01-23
·
Updated
2026-01-28
·
CVE-2026-21569
CVSS v3.1
7.9
High
| Vector | AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
Crowd Data Center and Server versions 7.1.0 through 7.1.2
Description
An authenticated attacker can access local and remote content due to an XML External Entity Injection (XXE) issue. This can have a high impact on confidentiality and availability. The issue was reported through an internal program.
Recommendations
Upgrade to a release greater than or equal to Crowd Data Center and Server version 7.1.3.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Crowd
Crowd Server