Changeflow GovPing Data Privacy & Cybersecurity Multiple vulnerabilities found in Atlassian pro...
Priority review Notice Added Final

Multiple vulnerabilities found in Atlassian products

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 18th, 2026
Detected March 18th, 2026
Email

Summary

The CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Atlassian products, including Confluence and Jira. These vulnerabilities could lead to remote code execution, denial of service, and data breaches.

View original document View source feed page

What changed

The French national cybersecurity agency (CERT-FR) has published an advisory (CERTFR-2026-AVI-0314) detailing multiple critical vulnerabilities found in various versions of Atlassian Confluence, Jira Service Management, and Jira Software Data Center and Server products. The identified risks include data confidentiality breaches, security policy bypass, remote denial of service, and arbitrary remote code execution. The advisory references specific Atlassian security bulletins dated March 17, 2026, for detailed information.

Organizations utilizing the affected Atlassian products are strongly advised to consult the provided Atlassian security bulletins and apply the necessary patches immediately to mitigate the risks of exploitation. Failure to do so could result in significant security compromises, including unauthorized access and system disruption. The advisory does not specify a compliance deadline but implies immediate action is necessary due to the severity of the vulnerabilities.

What to do next

  1. Review affected Atlassian product versions (Confluence, Jira Service Management, Jira Software).
  2. Consult Atlassian security bulletins for specific patch information.
  3. Apply necessary security patches to mitigate identified vulnerabilities.

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 18 mars 2026 N° CERTFR-2026-AVI-0314 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans les produits Atlassian

Gestion du document

| Référence | CERTFR-2026-AVI-0314 |
| Titre | Multiples vulnérabilités dans les produits Atlassian |
| Date de la première version | 18 mars 2026 |
| Date de la dernière version | 18 mars 2026 |
| Source(s) | Bulletin de sécurité Atlassian CONFSERVER-102542 du 17 mars 2026
Bulletin de sécurité Atlassian JSDSERVER-16510 du 17 mars 2026
Bulletin de sécurité Atlassian JSDSERVER-16515 du 17 mars 2026
Bulletin de sécurité Atlassian JSDSERVER-16527 du 17 mars 2026
Bulletin de sécurité Atlassian JSDSERVER-16528 du 17 mars 2026
Bulletin de sécurité Atlassian JSDSERVER-16529 du 17 mars 2026
Bulletin de sécurité Atlassian JSDSERVER-16530 du 17 mars 2026
Bulletin de sécurité Atlassian JSWSERVER-26714 du 17 mars 2026
Bulletin de sécurité Atlassian JSWSERVER-26716 du 17 mars 2026
Bulletin de sécurité Atlassian JSWSERVER-26730 du 17 mars 2026
Bulletin de sécurité Atlassian JSWSERVER-26732 du 17 mars 2026
Bulletin de sécurité Atlassian JSWSERVER-26733 du 17 mars 2026
Bulletin de sécurité Atlassian JSWSERVER-26736 du 17 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité
  • Déni de service à distance
  • Exécution de code arbitraire à distance

Systèmes affectés

  • Confluence Data Center versions antérieures à 10.2.7
  • Confluence Data Center versions antérieures à 9.0.2
  • Confluence Data Center versions antérieures à 9.2.15
  • Confluence Server versions antérieures à 10.2.7
  • Confluence Server versions antérieures à 9.0.2
  • Confluence Server versions antérieures à 9.2.15
  • Jira Service Management Data Center versions antérieures à 10.3.18
  • Jira Service Management Data Center versions antérieures à 11.3.3
  • Jira Service Management Server versions antérieures à 10.3.17
  • Jira Service Management Server versions antérieures à 11.3.3
  • Jira Software Data Center versions antérieures à 10.3.18
  • Jira Software Data Center versions antérieures à 11.3.3
  • Jira Software Server versions antérieures à 10.3.17
  • Jira Software Server versions antérieures à 11.3.2

Résumé

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 18 mars 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr CERT-FR: Multiple Vulnerabilities in Suricata
Priority review Mar 18, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr CERT-FR: Multiple MongoDB Vulnerabilities
Priority review Mar 18, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Node.js Multiple Vulnerabilities Security Patches
Priority review Mar 18, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cyber.nj.gov Monroe University Data Breach Affects 320,000 Individuals
Priority review Mar 18, 2026 NJ Cybersecurity: Public Data Breaches Government General
Favicon for wid.cert-bund.de Red Hat Enterprise Linux and OpenShift Vulnerabilities Disclosed
Priority review Mar 18, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Atlassian Jira Multiple Vulnerabilities
Priority review Mar 18, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
March 18th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
National (France)

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Vulnerability Management Data Security

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 188 Consumer Protection 35 Courts & Legal 243 Data Privacy & Cybersecurity 59 Defense & National Security 48 Education 20 Energy 94 Environment 81 Government & Legislation 240 Healthcare 106 Housing 15 Immigration 8 Insurance 17 Labor & Employment 107 Pharma & Drug Safety 72 Securities & Markets 73 Tax 48 Telecom & Technology 34 Trade & Sanctions 122 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.