Vulnerability-Lookup

CVE-2026-42579 (GCVE-0-2026-42579)

Vulnerability from cvelistv5 – Published: 2026-05-13 18:01 – Updated: 2026-05-18 15:40

Title

Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)

Summary

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation
CWE-400 - Uncontrolled Resource Consumption
CWE-626 - Null Byte Interaction Error (Poison Null Byte)

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Alpha1, < 4.2.13.Final Affected: < 4.1.133.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42579",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-18T15:39:59.449891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-18T15:40:22.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.133.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-626",
              "description": "CWE-626: Null Byte Interaction Error (Poison Null Byte)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T18:01:52.500Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
        }
      ],
      "source": {
        "advisory": "GHSA-cm33-6792-r9fm",
        "discovery": "UNKNOWN"
      },
      "title": "Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42579",
    "datePublished": "2026-05-13T18:01:52.500Z",
    "dateReserved": "2026-04-28T17:26:12.085Z",
    "dateUpdated": "2026-05-18T15:40:22.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-42579",
      "date": "2026-06-22",
      "epss": "0.00418",
      "percentile": "0.33281"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-42579\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T19:17:23.353\",\"lastModified\":\"2026-05-18T17:16:32.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-626\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.133\",\"matchCriteriaId\":\"DFE205A5-2C43-40C9-A2FF-CF6759B8D861\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.13\",\"matchCriteriaId\":\"D94A720F-9CED-4BE9-8C37-FD9E2FD28472\"}]}]}],\"references\":[{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42579\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-18T15:39:59.449891Z\"}}}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-18T15:39:13.328Z\"}}], \"cna\": {\"title\": \"Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)\", \"source\": {\"advisory\": \"GHSA-cm33-6792-r9fm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"netty\", \"product\": \"netty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\"}, {\"status\": \"affected\", \"version\": \"\u003c 4.1.133.Final\"}]}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm\", \"name\": \"https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-626\", \"description\": \"CWE-626: Null Byte Interaction Error (Poison Null Byte)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T18:01:52.500Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-42579\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-18T15:40:22.534Z\", \"dateReserved\": \"2026-04-28T17:26:12.085Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T18:01:52.500Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2026-1372

Vulnerability from csaf_certbund - Published: 2026-05-05 22:00 - Updated: 2026-06-10 22:00

Summary

Netty: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Netty ist ein asynchrones, ereignisgesteuertes Netzwerk-Anwendungs-Framework für die schnelle Entwicklung von wartbaren, hochleistungsfähigen Protokollservern und -clients.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Netty ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2026-41417

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42577

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42578

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42579

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42580

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42581

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42582

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42583

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42584

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42585

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42586

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-42587

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

CVE-2026-44248

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source Keycloak <26.6.3 Open Source / Keycloak		<26.6.3
Open Source Netty <4.2.13.Final Open Source / Netty		<4.2.13.Final
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Netty <4.1.133.Final Open Source / Netty		<4.1.133.Final

References

21 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/advisories/GHSA-v8h7-rr48-vmmv	external
https://github.com/netty/netty/security/advisorie…	external
https://github.com/netty/netty/security/advisorie…	external
https://www.keycloak.org/2026/06/keycloak-2663-released	external
https://ubuntu.com/security/notices/USN-8401-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:24502	external
https://access.redhat.com/errata/RHSA-2026:23808	external
https://access.redhat.com/errata/RHSA-2026:25123	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Netty ist ein asynchrones, ereignisgesteuertes Netzwerk-Anwendungs-Framework f\u00fcr die schnelle Entwicklung von wartbaren, hochleistungsf\u00e4higen Protokollservern und -clients.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Netty ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1372 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1372.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1372 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1372"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-2c5c-chwr-9hqw vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-38f8-5428-x5cv vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-45q3-82m4-75jr vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-57rv-r2g8-2cj3 vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-cm33-6792-r9fm vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-f6hv-jmp6-3vwv vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-jfg9-48mv-9qgx vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-jfg9-48mv-9qgx"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-m4cv-j2px-7723 vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-mj4r-2hfc-f8p6 vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-rwm7-x88c-3g2p vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-rwm7-x88c-3g2p"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-v8h7-rr48-vmmv vom 2026-05-05",
        "url": "https://github.com/advisories/GHSA-v8h7-rr48-vmmv"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-v8h7-rr48-vmmv vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-xxqh-mfjm-7mv9 vom 2026-05-05",
        "url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
      },
      {
        "category": "external",
        "summary": "Keycloak 26.6.3 release vom 2026-06-04",
        "url": "https://www.keycloak.org/2026/06/keycloak-2663-released"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8401-1 vom 2026-06-08",
        "url": "https://ubuntu.com/security/notices/USN-8401-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2308-1 vom 2026-06-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026653.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:24502 vom 2026-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2026:24502"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:23808 vom 2026-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2026:23808"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25123 vom 2026-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2026:25123"
      }
    ],
    "source_lang": "en-US",
    "title": "Netty: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-10T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-11T10:21:04.274+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1372",
      "initial_release_date": "2026-05-05T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-05T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        },
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-30130, EUVD-2026-30124, EUVD-2026-30127, EUVD-2026-30129, EUVD-2026-30128, EUVD-2026-30126, EUVD-2026-30123, EUVD-2026-30122, EUVD-2026-30120, EUVD-2026-30125, EUVD-2026-30132, EUVD-2026-30121"
        },
        {
          "date": "2026-06-04T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-06-08T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-06-10T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c26.6.3",
                "product": {
                  "name": "Open Source Keycloak \u003c26.6.3",
                  "product_id": "T054992"
                }
              },
              {
                "category": "product_version",
                "name": "26.6.3",
                "product": {
                  "name": "Open Source Keycloak 26.6.3",
                  "product_id": "T054992-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:keycloak:keycloak:26.6.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Keycloak"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.2.13.Final",
                "product": {
                  "name": "Open Source Netty \u003c4.2.13.Final",
                  "product_id": "T053584"
                }
              },
              {
                "category": "product_version",
                "name": "4.2.13.Final",
                "product": {
                  "name": "Open Source Netty 4.2.13.Final",
                  "product_id": "T053584-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netty:netty:4.2.13.final"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.1.133.Final",
                "product": {
                  "name": "Open Source Netty \u003c4.1.133.Final",
                  "product_id": "T053585"
                }
              },
              {
                "category": "product_version",
                "name": "4.1.133.Final",
                "product": {
                  "name": "Open Source Netty 4.1.133.Final",
                  "product_id": "T053585-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netty:netty:4.1.133.final"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Netty"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-41417",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-41417"
    },
    {
      "cve": "CVE-2026-42577",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42577"
    },
    {
      "cve": "CVE-2026-42578",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42578"
    },
    {
      "cve": "CVE-2026-42579",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42579"
    },
    {
      "cve": "CVE-2026-42580",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42580"
    },
    {
      "cve": "CVE-2026-42581",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42581"
    },
    {
      "cve": "CVE-2026-42582",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42582"
    },
    {
      "cve": "CVE-2026-42583",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42583"
    },
    {
      "cve": "CVE-2026-42584",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42584"
    },
    {
      "cve": "CVE-2026-42585",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42585"
    },
    {
      "cve": "CVE-2026-42586",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42586"
    },
    {
      "cve": "CVE-2026-42587",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-42587"
    },
    {
      "cve": "CVE-2026-44248",
      "product_status": {
        "known_affected": [
          "T054992",
          "T053584",
          "T002207",
          "67646",
          "T000126",
          "T053585"
        ]
      },
      "release_date": "2026-05-05T22:00:00.000+00:00",
      "title": "CVE-2026-44248"
    }
  ]
}

WID-SEC-W-2026-1955

Vulnerability from csaf_certbund - Published: 2026-06-16 22:00 - Updated: 2026-06-17 22:00

Summary

Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Confluence ist eine kommerzielle Wiki-Software. Fisheye ist ein Quellcode-Repository-Browser für Unternehmensteams. Crucible ist eine Code-Review-Lösung für Unternehmensteams. Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management ausnutzen, um beliebigen Code auszuführen, erweiterte Berechtigungen zu erlangen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2019-11272

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2021-3803

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2022-1471

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2022-22965

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2022-22978

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2022-31692

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2024-22257

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2025-22228

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-22732

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-24734

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-26996

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-27903

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-27904

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-29129

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-33870

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-33871

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-34077

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-34486

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-34487

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-40175

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-41044

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-41284

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-41293

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42033

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42035

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42038

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42043

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42198

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42211

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42264

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42342

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42498

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42579

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42581

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42583

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42584

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42585

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-42587

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-43512

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-43513

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-43515

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44486

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44487

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44488

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44492

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44495

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-44496

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-45149

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

CVE-2026-45736

Affected products

Known affected 14 products

Product	Identifier	Version
Atlassian Crucible <4.9.11 Atlassian / Crucible		<4.9.11
Atlassian Fisheye <4.9.11 Atlassian / Fisheye		<4.9.11
Atlassian Confluence Data Center <9.2.21 Atlassian / Confluence		Data Center <9.2.21
Atlassian Confluence Data Center <10.2.13 Atlassian / Confluence		Data Center <10.2.13
Atlassian Bitbucket Data Center <10.3.1 Atlassian / Bitbucket		Data Center <10.3.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Bitbucket Data Center <9.4.21 Atlassian / Bitbucket		Data Center <9.4.21
Atlassian Bitbucket Data Center <10.2.4 Atlassian / Bitbucket		Data Center <10.2.4
Atlassian Jira Service Management Data Center and Server <10.3.22 Atlassian / Jira		Service Management Data Center and Server <10.3.22
Atlassian Jira Service Management Data Center and Server <11.3.7 Atlassian / Jira		Service Management Data Center and Server <11.3.7
Atlassian Bamboo Data Center <12.1.8 Atlassian / Bamboo		Data Center <12.1.8
Atlassian Jira Data Center <10.3.22 Atlassian / Jira		Data Center <10.3.22
Atlassian Jira Data Center <11.3.7 Atlassian / Jira		Data Center <11.3.7
Atlassian Bamboo Data Center <10.2.20 Atlassian / Bamboo		Data Center <10.2.20

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://access.redhat.com/errata/RHSA-2026:22380	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nFisheye ist ein Quellcode-Repository-Browser f\u00fcr Unternehmensteams. \r\nCrucible ist eine Code-Review-L\u00f6sung f\u00fcr Unternehmensteams.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management ausnutzen, um beliebigen Code auszuf\u00fchren, erweiterte Berechtigungen zu erlangen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1955 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1955.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1955 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1955"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin Juni vom 2026-06-16",
        "url": "https://confluence.atlassian.com/security/security-bulletin-june-16-2026-1796309326.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22380 vom 2026-06-18",
        "url": "https://access.redhat.com/errata/RHSA-2026:22380"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-17T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-18T07:59:55.017+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1955",
      "initial_release_date": "2026-06-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c12.1.8",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c12.1.8",
                  "product_id": "T055489"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 12.1.8",
                "product": {
                  "name": "Atlassian Bamboo Data Center 12.1.8",
                  "product_id": "T055489-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__12.1.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.20",
                "product": {
                  "name": "Atlassian Bamboo Data Center \u003c10.2.20",
                  "product_id": "T055490"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.20",
                "product": {
                  "name": "Atlassian Bamboo Data Center 10.2.20",
                  "product_id": "T055490-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center__10.2.20"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.4",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c10.2.4",
                  "product_id": "T055492"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.4",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 10.2.4",
                  "product_id": "T055492-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__10.2.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.4.21",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c9.4.21",
                  "product_id": "T055493"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.4.21",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 9.4.21",
                  "product_id": "T055493-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__9.4.21"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.3.1",
                "product": {
                  "name": "Atlassian Bitbucket Data Center \u003c10.3.1",
                  "product_id": "T055494"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.3.1",
                "product": {
                  "name": "Atlassian Bitbucket Data Center 10.3.1",
                  "product_id": "T055494-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center__10.3.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.2.13",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c10.2.13",
                  "product_id": "T055495"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.2.13",
                "product": {
                  "name": "Atlassian Confluence Data Center 10.2.13",
                  "product_id": "T055495-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__10.2.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c9.2.21",
                "product": {
                  "name": "Atlassian Confluence Data Center \u003c9.2.21",
                  "product_id": "T055496"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 9.2.21",
                "product": {
                  "name": "Atlassian Confluence Data Center 9.2.21",
                  "product_id": "T055496-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center__9.2.21"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.9.11",
                "product": {
                  "name": "Atlassian Crucible \u003c4.9.11",
                  "product_id": "T055498"
                }
              },
              {
                "category": "product_version",
                "name": "4.9.11",
                "product": {
                  "name": "Atlassian Crucible 4.9.11",
                  "product_id": "T055498-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:crucible:4.9.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Crucible"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.9.11",
                "product": {
                  "name": "Atlassian Fisheye \u003c4.9.11",
                  "product_id": "T055497"
                }
              },
              {
                "category": "product_version",
                "name": "4.9.11",
                "product": {
                  "name": "Atlassian Fisheye 4.9.11",
                  "product_id": "T055497-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:fisheye:4.9.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fisheye"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center \u003c11.3.7",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c11.3.7",
                  "product_id": "T055499"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 11.3.7",
                "product": {
                  "name": "Atlassian Jira Data Center 11.3.7",
                  "product_id": "T055499-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__11.3.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center \u003c10.3.22",
                "product": {
                  "name": "Atlassian Jira Data Center \u003c10.3.22",
                  "product_id": "T055500"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center 10.3.22",
                "product": {
                  "name": "Atlassian Jira Data Center 10.3.22",
                  "product_id": "T055500-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center__10.3.22"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Service Management Data Center and Server \u003c11.3.7",
                "product": {
                  "name": "Atlassian Jira Service Management Data Center and Server \u003c11.3.7",
                  "product_id": "T055501"
                }
              },
              {
                "category": "product_version",
                "name": "Service Management Data Center and Server 11.3.7",
                "product": {
                  "name": "Atlassian Jira Service Management Data Center and Server 11.3.7",
                  "product_id": "T055501-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:service_management_data_center_and_server__11.3.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Service Management Data Center and Server \u003c10.3.22",
                "product": {
                  "name": "Atlassian Jira Service Management Data Center and Server \u003c10.3.22",
                  "product_id": "T055502"
                }
              },
              {
                "category": "product_version",
                "name": "Service Management Data Center and Server 10.3.22",
                "product": {
                  "name": "Atlassian Jira Service Management Data Center and Server 10.3.22",
                  "product_id": "T055502-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:service_management_data_center_and_server__10.3.22"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-11272",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2019-11272"
    },
    {
      "cve": "CVE-2021-3803",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2022-1471",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-22965",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2022-22965"
    },
    {
      "cve": "CVE-2022-22978",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2022-22978"
    },
    {
      "cve": "CVE-2022-31692",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2022-31692"
    },
    {
      "cve": "CVE-2024-22257",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2024-22257"
    },
    {
      "cve": "CVE-2025-22228",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2025-22228"
    },
    {
      "cve": "CVE-2026-22732",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-22732"
    },
    {
      "cve": "CVE-2026-24734",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-24734"
    },
    {
      "cve": "CVE-2026-26996",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-26996"
    },
    {
      "cve": "CVE-2026-27903",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-27903"
    },
    {
      "cve": "CVE-2026-27904",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-27904"
    },
    {
      "cve": "CVE-2026-29129",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-33870",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-33870"
    },
    {
      "cve": "CVE-2026-33871",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-33871"
    },
    {
      "cve": "CVE-2026-34077",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-34077"
    },
    {
      "cve": "CVE-2026-34486",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-40175",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-40175"
    },
    {
      "cve": "CVE-2026-41044",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-41044"
    },
    {
      "cve": "CVE-2026-41284",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-41284"
    },
    {
      "cve": "CVE-2026-41293",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-41293"
    },
    {
      "cve": "CVE-2026-42033",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42033"
    },
    {
      "cve": "CVE-2026-42035",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42035"
    },
    {
      "cve": "CVE-2026-42038",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42038"
    },
    {
      "cve": "CVE-2026-42043",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42043"
    },
    {
      "cve": "CVE-2026-42198",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42198"
    },
    {
      "cve": "CVE-2026-42211",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42211"
    },
    {
      "cve": "CVE-2026-42264",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42264"
    },
    {
      "cve": "CVE-2026-42342",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42342"
    },
    {
      "cve": "CVE-2026-42498",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42498"
    },
    {
      "cve": "CVE-2026-42579",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42579"
    },
    {
      "cve": "CVE-2026-42581",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42581"
    },
    {
      "cve": "CVE-2026-42583",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42583"
    },
    {
      "cve": "CVE-2026-42584",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42584"
    },
    {
      "cve": "CVE-2026-42585",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42585"
    },
    {
      "cve": "CVE-2026-42587",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-42587"
    },
    {
      "cve": "CVE-2026-43512",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-43512"
    },
    {
      "cve": "CVE-2026-43513",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-43513"
    },
    {
      "cve": "CVE-2026-43515",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-43515"
    },
    {
      "cve": "CVE-2026-44486",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44486"
    },
    {
      "cve": "CVE-2026-44487",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44487"
    },
    {
      "cve": "CVE-2026-44488",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44488"
    },
    {
      "cve": "CVE-2026-44492",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44492"
    },
    {
      "cve": "CVE-2026-44495",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44495"
    },
    {
      "cve": "CVE-2026-44496",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-44496"
    },
    {
      "cve": "CVE-2026-45149",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-45149"
    },
    {
      "cve": "CVE-2026-45736",
      "product_status": {
        "known_affected": [
          "T055498",
          "T055497",
          "T055496",
          "T055495",
          "T055494",
          "67646",
          "T055493",
          "T055492",
          "T055502",
          "T055501",
          "T055489",
          "T055500",
          "T055499",
          "T055490"
        ]
      },
      "release_date": "2026-06-16T22:00:00.000+00:00",
      "title": "CVE-2026-45736"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-42579 (GCVE-0-2026-42579)

WID-SEC-W-2026-1372

WID-SEC-W-2026-1955

Tags

Sightings

Nomenclature