XML External Entity Injection Vulnerability in Atlassian Crowd Data Center and Server
CVE-2026-21569

7.9HIGH

Key Information:

Vendor: Atlassian
Status: Crowd Data Center
Vendor: CVE Published:; 28 January 2026

What is CVE-2026-21569?

A vulnerability in Atlassian Crowd Data Center and Server allows authenticated attackers to exploit XML External Entity Injection (XXE), exposing local and remote data. This can lead to significant breaches of confidentiality and availability without requiring user interaction. Users of versions prior to 7.1.3 should promptly upgrade to mitigate risks and protect sensitive information. Refer to the release notes on Atlassian's website for more details and ensure your systems are up-to-date.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Crowd Data Center 7.1.0 to 7.1.2

Crowd Data Center 7.1.3

References

https://confluence.atlassian.com/pages/viewpage.action?pa...

https://jira.atlassian.com/browse/CWD-6453

CVSS V3.0

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 28, 2026
Vulnerability Reserved
Jan 1, 2026

JSON

Atlassian

What is CVE-2026-21569?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.