Atlassian Publishes 100 Security Bulletins Addressing Critical CVEs in Axios, Apache Tomcat, and Netty Across All Data Center Products

Atlassian published 100 security bulletins addressing dozens of critical-severity CVEs in third-party dependencies used across Bamboo, Bitbucket, Confluence, Crowd, Jira, and Fisheye/Crucible Data Center and Server editions. Affected components include Axios (CVE-2026-42043, CVE-2026-40175, CVE-2026-42264), Apache Tomcat (CVE-2026-41293, CVE-2026-43512, CVE-2026-43515), and Netty (CVE-2026-42584), all rated critical severity. Atlassian attributed the volume to coordinated external security research; no active exploitation of these specific vulnerabilities has been reported.