CVE-2026-27825 is a critical unauthenticated RCE (CVSS 9.8) in mcp-atlassian, the AI integration layer connecting Jira and Confluence to AI assistants via the Model Context Protocol, chaining SSRF, unrestricted file write, and missing authentication to achieve code execution with no credentials required. A fix was released on 2026-02-24; organizations should update immediately, rotate all Atlassian API tokens accessible by the MCP integration, and audit MCP server logs for SSRF indicators and unexpected file writes. Given the public exploit documentation from Pluto Security’s MCPwnfluence research, weaponization risk is materially elevated despite a currently low EPSS score.