Atlassian Product Security Update Advisory (CVE-2026-21570)

Mar 18 2026

Overview

We have released security updates to fix vulnerabilities in Atlassian products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2026-21570

Bamboo Data Center and Server versions: 12.1.0 or later and 12.1.2 (LTS) or earlier
Bamboo Data Center and Server versions: 12.0.0 or later and 12.0.2 or earlier
Bamboo Data Center and Server versions: 11.0.0 or later and 11.0.8 or earlier
Bamboo Data Center and Server versions: 10.2.0 or later and 10.2.15 (LTS) or earlier
Bamboo Data Center and Server versions: 10.1.0 or later and 10.1.1 or earlier
Bamboo Data Center and Server versions: 10.0.0 or later and 10.0.3 or earlier
Bamboo Data Center and Server versions: 9.6.1 or later 9.6.23 (LTS) or earlier

Resolved Vulnerabilities

Remote code execution vulnerability in Bamboo Data Center (CVE-2026-21570)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest version of Vulnerability Patches.

CVE-2026-21570

Bamboo Data Center version: 12.1.3 (LTS)
Bamboo Data Center version: 10.2.16 (LTS)
Bamboo Data Center version: 9.6.24 (LTS)

References

[1] Security Bulletin – March 17 2026
https://confluence.atlassian.com/security/security-bulletin-march-17-2026-1721271371.html
[2] Remote Code Execution (RCE) in Bamboo Data Center
https://jira.atlassian.com/browse/BAM-26342

Atlassian Product Security Update Advisory (CVE-2026-21570)

Security Update Advisory for kubectl-mcp-server Command Injection Vulnerability (CVE-2025-69902)

Sequelize Security Update Advisory (CVE-2026-30951)

Tags:

Security Update Advisory for kubectl-mcp-server Command Injection Vulnerability (CVE-2025-69902)

Sequelize Security Update Advisory (CVE-2026-30951)