Atlassian, GitLab, and Zoom this week announced security patches that address over two dozen vulnerabilities across their products.
Updates rolled out for Atlassian’s Bamboo, Bitbucket, Confluence, Crowd, and Jira products include 32 security patches for critical- and high-severity vulnerabilities.
Most of the flaws impact third-party dependencies and were publicly disclosed over the past two years. Three of these bugs, however, are from 2021 and 2022.
Atlassian’s January 2026 security bulletin mentions two critical defects in Bamboo and Confluence Data Center and Server, tracked as CVE-2025-12383 and CVE-2025-66516, and impacting Eclipse Jersey and Apache Tika, respectively.
According to Atlassian’s advisories, the flaws present “a lower, non-critical assessed risk” to its users.
All the remaining 23 CVEs listed in the company’s security bulletin are high-severity vulnerabilities, and for 22 of them, Atlassian mentions the third-party dependency affected.
The bulletin also lists CVE-2026-21569, an XXE (XML External Entity) injection bug in Crowd Data Center and Server that could allow an authenticated attacker to access content without user interaction.
On Wednesday, GitLab released GitLab Community Edition (CE) and Enterprise Edition (EE) versions 18.8.2, 18.7.2, and 18.6.4 with fixes for five vulnerabilities.
Three of the bugs, tracked as CVE-2025-13927, CVE-2025-13928, and CVE-2026-0723, are high-severity issues that could lead to denial-of-service (DoS) conditions or two-factor authentication (2FA) bypasses.
The remaining flaws are medium-severity defects that could lead to DoS conditions, GitLab notes in its advisory.
Zoom this week announced fixes for a critical-severity command injection vulnerability in Node Multimedia Routers (MMRs).
Tracked as CVE-2026-22844 (CVSS score of 9.9), the issue could allow meeting participants to execute arbitrary code remotely on the MMR.
Zoom resolved the flaw in the Node Meetings Hybrid (ZMH) MMR module and Node Meeting Connector (MC) MMR module version 5.2.1716.0.
Users are advised to review the Atlassian, GitLab, and Zoom security bulletins and update their instances as soon as possible.
Related: Oracle’s First 2026 CPU Delivers 337 New Security Patches
Related: TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking
Related: Cisco Patches Vulnerability Exploited by Chinese Hackers
Related: Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM
