← Back

CVE-2021-26086

nvd nistnuclei
Published: Aug 16, 2021Modified: Oct 24, 2025CISA KEV

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

Affected (6)

Atlassian
2 products
Jira Data Center
Jira Server
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Atlassian
Jira Data Center
Before 8.5.14
Jira Data Center
From 8.14.0 to 8.16.1
Jira Data Center
From 8.6.0 to 8.13.6
Atlassian
Jira Server
Before 8.5.14
Jira Server
From 8.14.0 to 8.16.1
Jira Server
From 8.6.0 to 8.13.6

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (5)

Source: security@atlassian.com
ExploitThird Party AdvisoryVDB Entry
Source: security@atlassian.com
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.