Atlassian Jira April 2026 Security Update Advisory

Overview.


Atlassian released updates to address a number of vulnerabilities in its products through its April 2026 Security Advisory.

Affected products.


Affected products include the Data Center and Server versions of Bamboo, Bitbucket, Confluence, Crowd, Jira Core, Jira Service Management, and Jira Software.

Summary of key vulnerabilities.


A remote code execution vulnerability (CVE-2022-1471, CVSS 9.8) has been reported in Jira Software Data Center.
An mXSS (Mutated XSS) vulnerability (CVE-2024-47875, CVSS 10.0) affects Jira Software Data Center and Server.
Denial of Service (DoS) vulnerabilities (CVE-2023-3635, CVE-2023-1370, CVE-2026-25547, and others) have been identified in Jira Software Data Center.
An improper access control vulnerability (CVE-2025-48734, CVSS 8.8) was reported.
A potential man-in-the-middle (MITM) attack (CVE-2021-0341) exists in some Data Center and Server configurations.

Patch and advisory status.


Atlassian has released fixes for each product, based on advisories published on April 21, 2026.
The report includes a detailed list of affected versions and the corresponding patched versions.
Affected systems should be upgraded to the latest version listed in the advisory.

Notes.


Some of the vulnerabilities stem from external library dependencies (snakeyaml, okio, json-smart, dompurify, etc.).
Official advisories and CVE references are documented on the Atlassian Security Advisories page and in the respective issue trackers.