mcp-atlassian Credential Leak via Hint Parameter Injection (CVE-2026-27825/27826) - ATR-2026-00212 (15cda080-5e0c-5456-9ca5-4ad53383bf36)

Detects the mcp-atlassian credential-leak attack pattern (CVE-2026-27825 and CVE-2026-27826). The jira_cloud_id and confluence_spaces MCP tools accept a "hint" parameter that is forwarded verbatim to the LLM context without sanitization. A malicious hint containing a directive to echo request headers (cookie, Authorization, X-API-Key) coerces the agent into leaking the active Atlassian OAuth session cookie or API token back in a follow-up message. CVE-2026-27825 covers the Jira tool surface; CVE-2026-27826 covers Confluence. Both share the same sink. Patched in mcp-atlassian 0.17.0. Publicly resurfaced as "MCPwnfluence" by Pluto Security in April 2026. Disclosed 2026-02-24, resurfaced 2026-04-17.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	mcp-atlassian Credential Leak via Hint Parameter Injection (CVE-2026-27825/27826) - ATR-2026-00212 (15cda080-5e0c-5456-9ca5-4ad53383bf36)	Agent Threat Rules	1
LLM Meta Prompt Extraction (e98acce8-ed69-4ebe-845b-1bcb662836ba)	MITRE ATLAS Attack Pattern	mcp-atlassian Credential Leak via Hint Parameter Injection (CVE-2026-27825/27826) - ATR-2026-00212 (15cda080-5e0c-5456-9ca5-4ad53383bf36)	Agent Threat Rules	1
mcp-atlassian Credential Leak via Hint Parameter Injection (CVE-2026-27825/27826) - ATR-2026-00212 (15cda080-5e0c-5456-9ca5-4ad53383bf36)	Agent Threat Rules	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	1
mcp-atlassian Credential Leak via Hint Parameter Injection (CVE-2026-27825/27826) - ATR-2026-00212 (15cda080-5e0c-5456-9ca5-4ad53383bf36)	Agent Threat Rules	Indirect (a4a55526-2f1f-403b-9691-609e46381e17)	MITRE ATLAS Attack Pattern	1
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9)	MITRE ATLAS Attack Pattern	Indirect (a4a55526-2f1f-403b-9691-609e46381e17)	MITRE ATLAS Attack Pattern	2