CVE-2026-27825

Model Context Protocol (MCP) · MCP Atlassian Server

A directory traversal vulnerability in the MCP Atlassian server allows attackers to write arbitrary files to the server, potentially leading to remote code execution.

Executive summary

A critical file-write vulnerability in the MCP Atlassian server allows attackers to achieve remote code execution by bypassing directory boundaries.

Vulnerability

The confluence_download_attachment tool fails to enforce directory boundaries on the download_path parameter. An attacker who can invoke this tool can write malicious content (such as a cron job) to any path the server process can access, leading to unauthenticated remote code execution (RCE).
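
The kind of boundary check a download_path parameter needs, added here as an example; this is not the MCP Atlassian project's own code, and the function names and base directory are hypothetical.

```python
from pathlib import Path

# Hypothetical hardening for a caller-supplied download_path (not the
# mcp-atlassian project's own code). A relative path is accepted only when it
# resolves to a location strictly inside an allowed base directory.


class UnsafePathError(ValueError):
    """download_path would land outside the allowed base directory."""


def resolve_download_path(download_path: str, base_dir: str) -> Path:
    """Return the absolute on-disk target for download_path, or raise."""
    base = Path(base_dir).resolve()
    candidate = Path(download_path)
    # An absolute download_path is never valid: Path(base) / "/etc/x"
    # silently discards base, which is exactly the traversal to prevent.
    if candidate.is_absolute():
        raise UnsafePathError(f"absolute download_path rejected: {download_path!r}")
    # resolve() collapses ".." components and follows symlinks that exist,
    # so a link inside base_dir that points elsewhere is caught as well.
    target = (base / candidate).resolve()
    # Require a strict descendant: base itself is not a valid file target.
    if base not in target.parents:
        raise UnsafePathError(f"download_path escapes {base}: {download_path!r}")
    return target


def is_safe_download_path(download_path: str, base_dir: str) -> bool:
    """Boolean form of the check; malformed input counts as unsafe."""
    try:
        resolve_download_path(download_path, base_dir)
    except (ValueError, OSError):
        return False
    return True


if __name__ == "__main__":
    BASE = "/srv/mcp/downloads"  # constructed example directory
    samples = ["report.pdf", "sub/dir/report.pdf", "../../etc/cron.d/job",
               "/etc/cron.d/job", "a/../../x", ""]
    for p in samples:
        print(f"{p!r:28} -> {'ok' if is_safe_download_path(p, BASE) else 'REJECTED'}")
```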

Business impact

Successful exploitation allows an attacker to execute arbitrary commands on the host system, leading to a total compromise of the MCP server and potentially the linked Confluence or Jira instances. With a CVSS score of 9.0, this vulnerability presents an immediate threat to corporate data and server stability, as it allows for persistent access via malicious system files.

Remediation

Immediate Action: Update the MCP Atlassian server to version 0.17.0 or higher, which contains the necessary path validation fixes.

Proactive Monitoring: Scan the server for unauthorized files in sensitive directories like /etc/cron.d/, /tmp/, or web root folders.

Compensating Controls: Run the MCP server process with the least privilege possible to limit the scope of files an attacker can overwrite if the vulnerability is triggered.

Exploitation status

Public Exploit Available: No

Analyst recommendation

This RCE vulnerability is highly critical and should be patched immediately. Organizations using the MCP Atlassian server must prioritize the update to version 0.17.0. Additionally, administrators should review the permissions of the service account running the MCP server to ensure it does not have unnecessary write access to system-critical directories.