{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T18:33:19.614","vulnerabilities":[{"cve":{"id":"CVE-2026-21569","sourceIdentifier":"security@atlassian.com","published":"2026-01-28T01:16:14.187","lastModified":"2026-02-02T13:22:24.383","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. \n\t\n\tThis XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high impact to confidentiality, low impact to integrity, high impact to availability, and requires no user interaction. \n\t\n\tAtlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\t\t\n\t\t* Crowd Data Center and Server 7.1: Upgrade to a release greater than or equal to 7.1.3\n\t\t\n\t\t\n\t\n\tSee the release notes (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). You can download the latest version of Crowd Data Center and Server from the download center (https://www.atlassian.com/software/crowd/download-archive). \n\t\n\tThis vulnerability was reported via our Atlassian (Internal) program."},{"lang":"es","value":"Esta vulnerabilidad XXE (inyección de entidad externa XML) de alta gravedad fue introducida en la versión 7.1.0 de Crowd Data Center y Server.\n\nEsta vulnerabilidad XXE (inyección de entidad externa XML), con una puntuación CVSS de 7.9, permite a un atacante autenticado acceder a contenido local y remoto, lo que tiene un alto impacto en la confidencialidad, bajo impacto en la integridad, alto impacto en la disponibilidad y no requiere interacción del usuario.\n\nAtlassian recomienda que los clientes de Crowd Data Center y Server actualicen a la última versión; si no puede hacerlo, actualice su instancia a una de las versiones fijas compatibles especificadas:\n\n* Crowd Data Center y Server 7.1: Actualice a una versión mayor o igual a 7.1.3\n\nConsulte las notas de la versión (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). Puede descargar la última versión de Crowd Data Center y Server desde el centro de descargas (https://www.atlassian.com/software/crowd/download-archive).\n\nEsta vulnerabilidad fue reportada a través de nuestro programa Atlassian (Interno)."}],"metrics":{"cvssMetricV30":[{"source":"security@atlassian.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.0","versionEndExcluding":"7.1.3","matchCriteriaId":"1D58C58C-051C-4A3E-BEC8-296F8086DDF5"}]}]}],"references":[{"url":"https://confluence.atlassian.com/pages/viewpage.action?pageId=1712324819","source":"security@atlassian.com","tags":["Vendor Advisory"]},{"url":"https://jira.atlassian.com/browse/CWD-6453","source":"security@atlassian.com","tags":["Vendor Advisory","Issue Tracking"]}]}}]}