{"uuid": "39c21e66-737d-4e89-8d58-3836554f72dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27826", "type": "seen", "source": "https://gist.github.com/alon710/bb39e6fca7620239b1bd8e5a02d98b4e", "content": "# GHSA-489G-7RXV-6C8Q: CVE-2026-27826: DNS Rebinding TOCTOU Bypass in mcp-atlassian Server\n\n&gt; **CVSS Score:** 8.2\n&gt; **Published:** 2026-07-10\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-489G-7RXV-6C8Q\n\n## Summary\nA DNS-rebinding Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mcp-atlassian server before version 0.17.0. The server processes unauthenticated client-supplied URLs via custom headers, validating the destination IP but failing to pin the resolved address before connecting. This allows remote adjacent-network attackers to achieve Server-Side Request Forgery (SSRF) and access restricted resources or cloud metadata services.\n\n## TL;DR\nUnauthenticated users can bypass SSRF protections via DNS rebinding (TOCTOU) in mcp-atlassian, gaining access to internal endpoints and cloud provider metadata.\n\n## Technical Details\n\n- **CWE ID**: CWE-918, CWE-367\n- **Attack Vector**: Adjacent Network (AV:A)\n- **CVSS Score**: 8.2\n- **EPSS Score**: 14.96%\n- **Exploit Status**: Proof of Concept / Active\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- mcp-atlassian\n- **mcp-atlassian**: &lt; 0.17.0 (Fixed in: `0.17.0`)\n\n## Mitigation\n\n- Upgrade mcp-atlassian to version 0.17.0 or higher\n- Configure the MCP_ALLOWED_URL_DOMAINS environment variable\n- Apply network-level firewall blocks (iptables) to restrict egress to internal ranges\n\n**Remediation Steps:**\n1. Verify current version of mcp-atlassian using pip show mcp-atlassian\n2. Update the package to version 0.17.0 or above: pip install --upgrade mcp-atlassian\n3. Restart the server process to apply the changes\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-489G-7RXV-6C8Q) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-10T18:42:23.218032Z"}