Atlassian, GitLab, Zoom Release Security Patches

Atlassian, GitLab, and Zoom this week announced security patches that address over two dozen vulnerabilities across their products.

Updates rolled out for Atlassian’s Bamboo, Bitbucket, Confluence, Crowd, and Jira products include 32 security patches for critical- and high-severity vulnerabilities.

Most of the flaws impact third-party dependencies and were publicly disclosed over the past two years. Three of these bugs, however, are from 2021 and 2022.

Atlassian’s January 2026 security bulletin mentions two critical defects in Bamboo and Confluence Data Center and Server, tracked as CVE-2025-12383 and CVE-2025-66516, and impacting Eclipse Jersey and Apache Tika, respectively.

According to Atlassian’s advisories, the flaws present “a lower, non-critical assessed risk” to its users.

All the remaining 23 CVEs listed in the company’s security bulletin are high-severity vulnerabilities, and for 22 of them, Atlassian mentions the third-party dependency affected.

The bulletin also lists CVE-2026-21569, an XXE (XML External Entity) injection ...