Known vulnerabilities affecting Jira products and systems
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-41103 | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. | 9.1 | 568 | Neutral | No | Yes |
| CVE-2026-1466 | Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME ... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2025-7066 | Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME ... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2025-67643 | Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing ... | 4.3 | 221 | Neutral | No | Yes |
| CVE-2025-57681 | The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cro... | 5.4 | 228 | Neutral | No | Yes |
| CVE-2025-45939 | Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function. | 6.5 | 352 | Neutral | No | No |
| CVE-2025-45938 | Akeles Out of Office Assistant for Jira 4.0.1 is vulnerable to Cross Site Scripting (XSS) via the Jira fullName parameter. | 5.4 | 236 | Neutral | No | No |
| CVE-2025-25363 | An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileg... | 6.5 | 212 | Neutral | No | No |
| CVE-2025-22178 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 4.3 | 163 | Neutral | No | Yes |
| CVE-2025-22177 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 4.3 | 142 | Neutral | No | Yes |
| CVE-2025-22176 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 4.3 | 142 | Neutral | No | Yes |
| CVE-2025-22175 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 5.4 | 164 | Neutral | No | Yes |
| CVE-2025-22174 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 4.3 | 142 | Neutral | No | Yes |
| CVE-2025-22173 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 4.3 | 142 | Neutral | No | Yes |
| CVE-2025-22172 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 4.3 | 142 | Neutral | No | Yes |
| CVE-2025-22171 | Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users. | 4.3 | 142 | Neutral | No | Yes |
| CVE-2025-22170 | Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with s... | 4.3 | 142 | Neutral | No | Yes |
| CVE-2025-22169 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 5.4 | 164 | Neutral | No | Yes |
| CVE-2025-22168 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able t... | 4.3 | 142 | Neutral | No | Yes |
| CVE-2025-22167 | This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (... | 6.5 | 331 | Neutral | No | Yes |