8.6
CVE-2026-21570
- EPSS 0.51%
- Veröffentlicht 17.03.2026 18:00:00
- Zuletzt bearbeitet 18.03.2026 14:52:44
- Quelle security@atlassian.com
- CVE-Watchlists
- Unerledigt
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system. Atlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center 9.6: Upgrade to a release greater than or equal to 9.6.24 Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.16 Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.3 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was reported via our Atlassian (Internal) program.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAtlassian
≫
Produkt
Bamboo Data Center
Version
12.1.0 to 12.1.2
Status
affected
Version
12.0.0 to 12.0.2
Status
affected
Version
11.0.0 to 11.0.8
Status
affected
Version
10.2.0 to 10.2.15
Status
affected
Version
10.1.0 to 10.1.1
Status
affected
Version
10.0.0 to 10.0.3
Status
affected
Version
9.6.1 to 9.6.23
Status
affected
Version
12.1.3
Status
unaffected
Version
10.2.16
Status
unaffected
Version
9.6.24
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.392 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@atlassian.com | 8.6 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://confluence.atlassian.com/pages/viewpage.action?pageId=1721271371
https://jira.atlassian.com/browse/BAM-26342