
Critical RCE Vulnerability Fixed in Atlassian Bamboo Data Center


Summary

CSIRT-ITA has issued an alert (AL02/260423/CSIRT-ITA) confirming that Atlassian has released security updates patching a critical Remote Code Execution vulnerability (CVE-2026-21571) in Bamboo Data Center. The vulnerability affects multiple versions across seven release branches (9.6.x through 12.1.x). System impact is rated High (65.89). Organizations running affected versions are advised to update immediately per Atlassian's security bulletins.

Published by CSIRT-ITA on acn.gov.it. Detected, standardized, and enriched by GovPing.


What changed

CSIRT-ITA has confirmed resolution of CVE-2026-21571, a critical Remote Code Execution vulnerability in Atlassian Bamboo Data Center. The vulnerability, if exploited, would have allowed a remote attacker to execute arbitrary code on affected systems. Security updates have been released for seven affected version branches: 9.6.x, 10.0.x, 10.1.x, 10.2.x, 11.0.x, 12.0.x, and 12.1.x. Specific patched versions include 9.6.24 (LTS), 10.0.3, 10.1.1, 10.2.16 (LTS), 11.0.8, 12.0.2, and 12.1.3 (LTS).

Organizations running any of the listed Bamboo Data Center versions should verify their current installation version and apply the relevant security update referenced in Atlassian's security bulletin and Jira ticket BAM-26364. System impact is assessed as High (65.89), indicating significant risk if left unpatched. This advisory applies to any entity operating Atlassian Bamboo Data Center within Italian jurisdiction or under CSIRT-ITA's advisory scope.

Archived snapshot

Apr 27, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.


Vulnerability resolved in Atlassian Bamboo Data Center

**Alert**

AL02/260423/CSIRT-ITA


Summary

Security updates have been released to fix a vulnerability of “critical” severity in Atlassian's Bamboo Data Center product. If exploited, this vulnerability could allow a remote malicious user to execute arbitrary code on the affected systems.

Type

Remote Code Execution

Affected products and/or versions

Bamboo Data Center:

  • 12.1.x, version 12.1.3 (LTS) and earlier
  • 12.0.x, version 12.0.2 and earlier
  • 11.0.x, version 11.0.8 and earlier
  • 10.2.x, version 10.2.16 (LTS) and earlier
  • 10.1.x, version 10.1.1 and earlier
  • 10.0.x, version 10.0.3 and earlier
  • 9.6.x, version 9.6.24 (LTS) and earlier

Mitigation actions

In line with the vendor's statements, it is recommended to update the vulnerable products following the guidance in the security bulletins listed in the References section.

CVE (1)

| CVE | POC | EXPLOITATION |
| --- | --- | --- |
| CVE-2026-21571 | - | - |

References (2)

  1. https://confluence.atlassian.com/security/security-bulletin-april-21-2026-1770913890.html
  2. https://jira.atlassian.com/browse/BAM-26364

Change log

| Version | Notes | Date |
| --- | --- | --- |
| 1.0 | Published on 23-04-2026 | 23/04/2026 |

Systemic impact

High (65.89)

Publication date

23/04/26 at 10:58

Last updated

23/04/26 at 10:58


About this page


What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CSIRT-ITA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

Agency: CSIRT-ITA
Published: April 23rd, 2026
Instrument: Guidance
Branch: Executive
Source language: it
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Manufacturers, Technology companies, Government agencies
Industry sector: 5112 Software & Technology
Activity scope: Vulnerability remediation, Software patching, Security advisory response
Geographic scope: IT

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Data Privacy, Consumer Protection
