mcp-atlassian, the Model Context Protocol server used to proxy AI assistant requests to Jira and Confluence, has a CVSS 9.8 unauthenticated RCE vulnerability (CVE-2026-27825) chaining SSRF with arbitrary file write. A patch was released by maintainer sooperset on February 24, 2026; any network-accessible deployment still running an unpatched version should be treated as potentially compromised. This item is particularly notable because MCP server deployments are frequently undocumented and may exist on developer workstations, CI/CD systems, or staging environments outside standard vulnerability management scope. Confirmed details (CVSS vector, exact affected versions) require verification against NVD and the official GitHub advisory; intelligence sourced from secondary reporting only.