A pop-up survey could appear while you're here --curious what it's for? Click here to learn more!

×
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Critical Defect: Update API + Rovo MCP Connector Silently Destroys Page Content on Title Only Update

Ryan Wilson
Ryan Wilson
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 30, 2026

Critical Defect: Conf Update API + Rovo MCP Connector Silently Destroys Page Content on Title-Only Updates

To the Atlassian Rovo and Confluence API Teams,

I am reporting a critical data loss defect in the Confluence update API as exposed through the Atlassian Rovo MCP connector for Claude. This has already caused destructive content loss in a production workspace.

WHAT HAPPENED

I used Claude via the Atlassian Rovo MCP connector to rename and reorganize pages in my Confluence workspace. Claude sent update calls that changed the title but did not include the body field. The Confluence API interpreted the missing body as an instruction to clear the page content. Every page that was renamed had its entire body silently deleted. Multiple pages were destroyed in sequence. Content was only recoverable through Confluence page history.

THE API DESIGN PROBLEM

The Confluence update endpoint treats an omitted body field as "set body to empty" rather than "leave body unchanged." This is destructive-by-default behavior. Standard PATCH semantics across the industry treat omitted fields as "no change." The current design means that any API consumer — human developer or AI agent — that sends a title-only update will silently destroy the page content. This is especially dangerous now that AI agents are primary consumers of this API through MCP.

THE MCP CONNECTOR PROBLEM

The Rovo MCP connector passes update calls through to the API with no safety validation. There is no check that compares the outgoing payload against the existing page state. A call that would reduce a page from 15,000 characters to 0 executes without any warning, confirmation prompt, or block.

WHAT NEEDS TO CHANGE (Atlassian side)

- API behavior: The update endpoint should treat an omitted body field as "no change," not "clear the body." Clearing content should require an explicit flag or a deliberately empty body with a confirmation parameter. This is the single most important fix.

- MCP connector guardrails: The connector should include pre-flight validation that blocks updates where the body would be reduced by more than a configurable threshold (e.g., 50%) without explicit override. It should also take an automatic version snapshot before any write operation.

- Connector-level safety policies: The MCP connector should ship with built-in rules that prevent known destructive patterns, rather than relying on AI model instructions to avoid them.

I have also filed a parallel report with Anthropic regarding Claude's handling of the update calls and the lack of tool-level safety policy infrastructure.

Thank you for your urgent attention.

Ryan

Comment
Watch
Like # people like this
246 views

4 comments

Comment

Log in or Sign up to comment
Matt Richards
Matt Richards
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
May 30, 2026

Can't wait to see how quickly this get's addressed... 

Like
Reply
Bill Sheboy
Bill Sheboy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
May 30, 2026

Hi @Ryan Wilson -- Welcome to the Atlassian Community!

First thing: I am just another Atlassian customer, and not a member of the support team.  With that out of the way...

 

Please note this is a customer community forum for Atlassian products, and related topics.  It is not a channel to reach the Atlassian Support team.

When you are on a paid license for an Atlassian product, please work with your product admin to submit support requests / suggestions here: https://support.atlassian.com/contact#/

When you are instead on free license level, please use the "Give feedback" form under help in the various products to report a defect or suggestion.

To find any related suggestions / defects in the public backlog, please check here: https://jira.atlassian.com/secure/Dashboard.jspa

 

Kind regards,
Bill

Like # people like this
Reply
Tyler Brown
Tyler Brown
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 31, 2026

Hi @Ryan Wilson  thanks for reporting this. Sorry you were impacted by this.  I'm one of the developers working on the Confluence MCP tools and I have brought this up to the team. We will look at getting this bug fixed ASAP, and then exploring the other suggestions you mentioned as well. 

Like
Reply
Nicola Pacini
Nicola Pacini
June 1, 2026

Do you think this issue might affect also other coding assistant such as Amazon Kiro?

Like
Reply
groups-icon
Atlassian Rovo MCP Server
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security