wid-sec-w-2026-0770 · Published 2026-03-17 · View on BSI CERT-Bund
Atlassian Jira: Multiple Vulnerabilities
CVSS 8.8 (HIGH)
Risk Summary
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Affected Vendors
Atlassian
Red Hat
Affected Products (8)
Atlassian · Jira Data Center and Server <11.3.3
Atlassian · Jira Data Center and Server 11.3.3
Atlassian · Jira Data Center and Server <10.3.18
Atlassian · Jira Data Center and Server 10.3.18
Atlassian · Jira Service Management Data Center and Server <11.3.3
Atlassian · Jira Service Management Data Center and Server 11.3.3
Atlassian · Jira Service Management Data Center and Server <10.3.18
Atlassian · Jira Service Management Data Center and Server 10.3.18