CVE-2026-27825 (MCPwnfluence, CVSS 9.8, preliminary intelligence — NVD and official vendor advisory not yet confirmed) is a critical unauthenticated attack chain in mcp-atlassian, an open-source MCP server bridging LLM tooling with Atlassian Confluence and Jira, chaining missing authentication, SSRF, and code injection to achieve full RCE on the host with no credentials required. Fixes were released by maintainer sooperset on 2026-02-24; any organization running mcp-atlassian in AI assistant infrastructure, CI/CD pipelines, or developer environments should apply the patch immediately and treat the host and all accessible Atlassian data as potentially exposed if the service was reachable before patching. This item is sourced from T3 (researcher and vendor threat intelligence) only; priority and technical details should be reassessed once NVD and an official advisory confirm the CVE record.