Malicious Support Tickets Let Hackers Exploit Atlassian’s Model Context Protocol


A new class of cyberattack is targeting organizations leveraging Atlassian’s Model Context Protocol (MCP), exposing a critical weakness in the boundary between external and internal users.

Researchers have demonstrated that malicious support tickets can be weaponized to exploit AI-powered workflows in Atlassian’s Jira Service Management (JSM), enabling attackers to gain privileged access and exfiltrate sensitive data—all without ever directly breaching internal systems.

How the Attack Works

Traditionally, organizations separate external users—who submit tickets or requests—from internal users, who resolve them with elevated permissions.

However, Atlassian’s MCP, a protocol designed to embed AI into enterprise workflows, blurs this line. When an internal user (such as a support engineer) invokes an AI action—like ticket summarization—through MCP, the action runs with their internal privileges.

If the ticket contains a malicious payload, the AI unwittingly executes harmful instructions, acting as a ...
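The boundary described above can be enforced where the AI action asks to use a tool: when any text the model reads was written by an external user, the action gets a reduced scope set instead of the invoker's full privileges. This is an added example, not code from the article or from Atlassian; the scope names, classes, and ticket keys are hypothetical and the sample tickets are constructed.

```python
from dataclasses import dataclass

# Hypothetical scope names for illustration; not Atlassian's permission model.
SAFE_WITH_UNTRUSTED_INPUT = frozenset({"ticket:read", "ticket:summarize"})

@dataclass(frozen=True)
class Field:
    name: str
    text: str
    author_is_external: bool  # True when a customer or anonymous reporter wrote it

@dataclass(frozen=True)
class Ticket:
    key: str
    fields: tuple

def has_untrusted_content(ticket):
    """A ticket is tainted if any field the model will read came from outside."""
    return any(f.author_is_external for f in ticket.fields)

def effective_scopes(invoker_scopes, ticket):
    """Scopes the AI action may use for this one invocation.

    The invoker's full privileges apply only when every field is internal.
    Otherwise the action is limited to scopes judged safe on untrusted text,
    so instructions embedded in the ticket cannot borrow the engineer's access.
    """
    scopes = frozenset(invoker_scopes)
    if has_untrusted_content(ticket):
        return scopes & SAFE_WITH_UNTRUSTED_INPUT
    return scopes

def authorize_tool_call(required_scope, invoker_scopes, ticket):
    """Return (allowed, reason) for a single tool call requested by the model."""
    if required_scope in effective_scopes(invoker_scopes, ticket):
        return True, "allowed"
    if required_scope in invoker_scopes:
        return False, "denied: ticket contains externally authored content"
    return False, "denied: invoker lacks scope"

# Constructed sample data.
ENGINEER_SCOPES = {"ticket:read", "ticket:summarize", "ticket:comment", "kb:read_internal"}
EXTERNAL_TICKET = Ticket("SUP-1", (Field("description", "Printer offline since Monday.", True),))
INTERNAL_TICKET = Ticket("OPS-7", (Field("description", "Rotate staging certs.", False),))
```

Logging the "denied: ticket contains externally authored content" results gives responders a record of every time a model tried to exceed the reduced scope while processing customer-supplied text.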


Copyright of this story solely belongs to gbhackers.