CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26086

Known Exploited (CISA KEV)MEDIUM
5.3
CVSS Severity Score
EPSS Score52.1730%
EPSS Percentile88.73th
PublishedAug 16, 2021
Last ModifiedOct 24, 2025

Vulnerability Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

Affected Platforms (CPE)

πŸ“¦
Atlassian

Jira Data Center

< 8.5.14
πŸ“¦
Atlassian

Jira Data Center

>= 8.6.0 and < 8.13.6
πŸ“¦
Atlassian

Jira Data Center

>= 8.14.0 and < 8.16.1
πŸ“¦
Atlassian

Jira Server

< 8.5.14
πŸ“¦
Atlassian

Jira Server

>= 8.6.0 and < 8.13.6
πŸ“¦
Atlassian

Jira Server

>= 8.14.0 and < 8.16.1

References & Advisories

πŸ”— http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html
πŸ”— https://jira.atlassian.com/browse/JRASERVER-72695
πŸ”— http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html
πŸ”— https://jira.atlassian.com/browse/JRASERVER-72695
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26086

Related Vulnerabilities

CVE-2019-204099.8

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac...

CVE-2020-141729.8

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b...

CVE-2019-115819.8

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the Send...

CVE-2020-362399.8

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, fro...