Atlassian, GitLab, and Zoom this week introduced safety patches that handle over two dozen vulnerabilities throughout their merchandise.
Updates rolled out for Atlassian’s Bamboo, Bitbucket, Confluence, Crowd, and Jira merchandise embrace 32 safety patches for critical- and high-severity vulnerabilities.
Many of the flaws influence third-party dependencies and had been publicly disclosed over the previous two years. Three of those bugs, nonetheless, are from 2021 and 2022.
Atlassian’s January 2026 safety bulletin mentions two vital defects in Bamboo and Confluence Information Middle and Server, tracked as CVE-2025-12383 and CVE-2025-66516, and impacting Eclipse Jersey and Apache Tika, respectively.
In accordance with Atlassian’s advisories, the failings current “a decrease, non-critical assessed threat” to its customers.
All of the remaining 23 CVEs listed within the firm’s safety bulletin are high-severity vulnerabilities, and for 22 of them, Atlassian mentions the third-party dependency affected.Commercial. Scroll to proceed studying.
The bulletin additionally lists CVE-2026-21569, an XXE (XML Exterior Entity) injection bug in Crowd Information Middle and Server that might permit an authenticated attacker to entry content material with out person interplay.
On Wednesday, GitLab launched GitLab Neighborhood Version (CE) and Enterprise Version (EE) variations 18.8.2, 18.7.2, and 18.6.4 with fixes for 5 vulnerabilities.
Three of the bugs, tracked as CVE-2025-13927, CVE-2025-13928, and CVE-2026-0723, are high-severity points that might result in denial-of-service (DoS) circumstances or two-factor authentication (2FA) bypasses.
The remaining flaws are medium-severity defects that might result in DoS circumstances, GitLab notes in its advisory.
Zoom this week introduced fixes for a critical-severity command injection vulnerability in Node Multimedia Routers (MMRs).
Tracked as CVE-2026-22844 (CVSS rating of 9.9), the difficulty might permit assembly individuals to execute arbitrary code remotely on the MMR.
Zoom resolved the flaw within the Node Conferences Hybrid (ZMH) MMR module and Node Assembly Connector (MC) MMR module model 5.2.1716.0.
Customers are suggested to evaluate the Atlassian, GitLab, and Zoom safety bulletins and replace their cases as quickly as doable.
Associated: Oracle’s First 2026 CPU Delivers 337 New Safety Patches
Associated: TP-Hyperlink Patches Vulnerability Exposing VIGI Cameras to Distant Hacking
Associated: Cisco Patches Vulnerability Exploited by Chinese language Hackers
Associated: Fortinet Patches Important Vulnerabilities in FortiFone, FortiSIEM
