Search

Find a vulnerability

Search criteria

    342 vulnerabilities

    CVE-2026-61492 (GCVE-0-2026-61492)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:19 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.17394 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:14:28.411503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:33.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.17394",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:19:00.074Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-61492",
        "datePublished": "2026-07-10T14:19:00.074Z",
        "dateReserved": "2026-07-10T13:56:26.656Z",
        "dateUpdated": "2026-07-10T16:59:33.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59796 (GCVE-0-2026-59796)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:14:42.442614Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:40.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:59.634Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59796",
        "datePublished": "2026-07-10T14:18:59.634Z",
        "dateReserved": "2026-07-07T09:41:09.010Z",
        "dateUpdated": "2026-07-10T16:59:40.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59795 (GCVE-0-2026-59795)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59795",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:15:27.708148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:47.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:59.039Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59795",
        "datePublished": "2026-07-10T14:18:59.039Z",
        "dateReserved": "2026-07-07T09:41:08.700Z",
        "dateUpdated": "2026-07-10T16:59:47.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59794 (GCVE-0-2026-59794)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:18:35.273081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:55.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:58.518Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59794",
        "datePublished": "2026-07-10T14:18:58.518Z",
        "dateReserved": "2026-07-07T09:41:08.333Z",
        "dateUpdated": "2026-07-10T16:59:55.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59793 (GCVE-0-2026-59793)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 17:00
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:18:55.483474Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:00:03.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:57.861Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59793",
        "datePublished": "2026-07-10T14:18:57.861Z",
        "dateReserved": "2026-07-07T09:41:07.789Z",
        "dateUpdated": "2026-07-10T17:00:03.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59792 (GCVE-0-2026-59792)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 17:00
    VLAI
    Summary
    In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains IntelliJ IDEA Affected: 0 , < 2026.1.4, 2026.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:37:51.583310Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:00:13.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IntelliJ IDEA",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.4, \n2026.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains IntelliJ IDEA before 2026.1.4, \n2026.2 code execution via path traversal in project workspace ID handling was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:57.311Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59792",
        "datePublished": "2026-07-10T14:18:57.311Z",
        "dateReserved": "2026-07-07T09:41:07.385Z",
        "dateUpdated": "2026-07-10T17:00:13.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59791 (GCVE-0-2026-59791)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 17:00
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.17012 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:45:20.326917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:00:21.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.17012",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:56.699Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59791",
        "datePublished": "2026-07-10T14:18:56.699Z",
        "dateReserved": "2026-07-07T09:41:06.835Z",
        "dateUpdated": "2026-07-10T17:00:21.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53914 (GCVE-0-2026-53914)

    Vulnerability from cvelistv5 – Published: 2026-06-26 13:01 – Updated: 2026-06-27 03:55
    VLAI
    Summary
    In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains Kotlin Affected: 0 , < 2.4.20 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-27T03:55:26.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Kotlin",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2.4.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T13:01:00.434Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-53914",
        "datePublished": "2026-06-26T13:01:00.434Z",
        "dateReserved": "2026-06-11T13:00:42.498Z",
        "dateUpdated": "2026-06-27T03:55:26.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57926 (GCVE-0-2026-57926)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1321
    • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57926",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:26:32.244498Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1321",
                    "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:02.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1321",
                  "description": "CWE-1321",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:19.536Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57926",
        "datePublished": "2026-06-26T12:38:19.536Z",
        "dateReserved": "2026-06-26T12:21:24.396Z",
        "dateUpdated": "2026-06-26T13:45:02.085Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57925 (GCVE-0-2026-57925)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57925",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:26:51.590681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:18.602Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:19.039Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57925",
        "datePublished": "2026-06-26T12:38:19.039Z",
        "dateReserved": "2026-06-26T12:21:24.090Z",
        "dateUpdated": "2026-06-26T13:45:18.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57924 (GCVE-0-2026-57924)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57924",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:13.533690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:33.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:18.647Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57924",
        "datePublished": "2026-06-26T12:38:18.647Z",
        "dateReserved": "2026-06-26T12:21:23.827Z",
        "dateUpdated": "2026-06-26T13:45:33.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57923 (GCVE-0-2026-57923)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:33.706322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:47.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:18.291Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57923",
        "datePublished": "2026-06-26T12:38:18.291Z",
        "dateReserved": "2026-06-26T12:21:23.467Z",
        "dateUpdated": "2026-06-26T13:45:47.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57922 (GCVE-0-2026-57922)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:46
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:56.424537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:46:03.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:17.932Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57922",
        "datePublished": "2026-06-26T12:38:17.932Z",
        "dateReserved": "2026-06-26T12:21:23.232Z",
        "dateUpdated": "2026-06-26T13:46:03.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57921 (GCVE-0-2026-57921)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:46
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:28:23.594340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:46:22.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users\u0027 private data via the comment templates endpoint"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:17.373Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57921",
        "datePublished": "2026-06-26T12:38:17.373Z",
        "dateReserved": "2026-06-26T12:21:22.954Z",
        "dateUpdated": "2026-06-26T13:46:22.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50242 (GCVE-0-2026-50242)

    Vulnerability from cvelistv5 – Published: 2026-06-19 11:49 – Updated: 2026-06-24 03:56
    VLAI
    Summary
    In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains Hub Affected: 0 , < 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:16.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hub",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains Hub before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 authentication bypass via direct database access leading to administrative access was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T11:49:42.383Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-50242",
        "datePublished": "2026-06-19T11:49:42.383Z",
        "dateReserved": "2026-06-04T13:03:06.750Z",
        "dateUpdated": "2026-06-24T03:56:16.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56142 (GCVE-0-2026-56142)

    Vulnerability from cvelistv5 – Published: 2026-06-19 11:49 – Updated: 2026-06-24 03:56
    VLAI
    Summary
    In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains Hub Affected: 0 , < 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:17.527Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hub",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains Hub before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 privilege escalation by attaching authentication details to accounts was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-915",
                  "description": "CWE-915",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T11:49:41.968Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-56142",
        "datePublished": "2026-06-19T11:49:41.968Z",
        "dateReserved": "2026-06-19T10:56:21.696Z",
        "dateUpdated": "2026-06-24T03:56:17.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56141 (GCVE-0-2026-56141)

    Vulnerability from cvelistv5 – Published: 2026-06-19 11:49 – Updated: 2026-06-24 03:56
    VLAI
    Summary
    In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains Hub Affected: 0 , < 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:18.661Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hub",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains Hub before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 account takeover via predictable restore codes was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "CWE-338",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T11:49:41.463Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-56141",
        "datePublished": "2026-06-19T11:49:41.463Z",
        "dateReserved": "2026-06-19T10:56:21.387Z",
        "dateUpdated": "2026-06-24T03:56:18.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53915 (GCVE-0-2026-53915)

    Vulnerability from cvelistv5 – Published: 2026-06-19 11:49 – Updated: 2026-06-25 13:47
    VLAI
    Summary
    In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains GoLand Affected: 0 , < 2026.1.3 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T03:55:33.255688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T13:47:51.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GoLand",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T11:49:40.981Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-53915",
        "datePublished": "2026-06-19T11:49:40.981Z",
        "dateReserved": "2026-06-11T13:00:42.886Z",
        "dateUpdated": "2026-06-25T13:47:51.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49386 (GCVE-0-2026-49386)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:03
    VLAI
    Summary
    In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.1.13570 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:03:42.193474Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:03:55.994Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.13570",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:54.714Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49386",
        "datePublished": "2026-05-29T18:15:54.714Z",
        "dateReserved": "2026-05-29T18:08:00.835Z",
        "dateUpdated": "2026-05-29T19:03:55.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49385 (GCVE-0-2026-49385)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:27
    VLAI
    Summary
    In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.1.13570 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49385",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:24:24.552797Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:27:11.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.13570",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:54.342Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49385",
        "datePublished": "2026-05-29T18:15:54.342Z",
        "dateReserved": "2026-05-29T18:08:00.467Z",
        "dateUpdated": "2026-05-29T19:27:11.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49384 (GCVE-0-2026-49384)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:27
    VLAI
    Summary
    In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains PyCharm Affected: 0 , < 2025.3.4 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:24:14.744158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:27:26.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PyCharm",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2025.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:53.938Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49384",
        "datePublished": "2026-05-29T18:15:53.938Z",
        "dateReserved": "2026-05-29T18:07:59.764Z",
        "dateUpdated": "2026-05-29T19:27:26.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49383 (GCVE-0-2026-49383)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:27
    VLAI
    Summary
    In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains IntelliJ IDEA Affected: 0 , < 2026.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:24:05.532114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:27:42.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IntelliJ IDEA",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:53.479Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49383",
        "datePublished": "2026-05-29T18:15:53.479Z",
        "dateReserved": "2026-05-29T18:07:59.485Z",
        "dateUpdated": "2026-05-29T19:27:42.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49382 (GCVE-0-2026-49382)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:28
    VLAI
    Summary
    In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains IntelliJ IDEA Affected: 0 , < 2026.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49382",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:23:53.968032Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:28:03.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IntelliJ IDEA",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1336",
                  "description": "CWE-1336",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:52.223Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49382",
        "datePublished": "2026-05-29T18:15:52.223Z",
        "dateReserved": "2026-05-29T18:07:59.149Z",
        "dateUpdated": "2026-05-29T19:28:03.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49381 (GCVE-0-2026-49381)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:28
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49381",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:23:43.237634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:28:20.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:51.705Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49381",
        "datePublished": "2026-05-29T18:15:51.705Z",
        "dateReserved": "2026-05-29T18:07:58.810Z",
        "dateUpdated": "2026-05-29T19:28:20.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49380 (GCVE-0-2026-49380)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:28
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:23:30.579931Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:28:34.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:51.324Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49380",
        "datePublished": "2026-05-29T18:15:51.324Z",
        "dateReserved": "2026-05-29T18:07:58.325Z",
        "dateUpdated": "2026-05-29T19:28:34.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49379 (GCVE-0-2026-49379)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:28
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:23:17.099969Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:28:49.269Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:50.938Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49379",
        "datePublished": "2026-05-29T18:15:50.938Z",
        "dateReserved": "2026-05-29T18:07:58.027Z",
        "dateUpdated": "2026-05-29T19:28:49.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49378 (GCVE-0-2026-49378)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:29
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:23:03.693094Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:29:03.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:50.538Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49378",
        "datePublished": "2026-05-29T18:15:50.538Z",
        "dateReserved": "2026-05-29T18:07:57.737Z",
        "dateUpdated": "2026-05-29T19:29:03.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49377 (GCVE-0-2026-49377)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:29
    VLAI
    Summary
    In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2025.11.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:22:55.827960Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:29:16.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2025.11.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-526",
                  "description": "CWE-526",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:50.145Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49377",
        "datePublished": "2026-05-29T18:15:50.145Z",
        "dateReserved": "2026-05-29T18:07:57.451Z",
        "dateUpdated": "2026-05-29T19:29:16.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49376 (GCVE-0-2026-49376)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:29
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:22:15.721965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:29:30.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:49.766Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49376",
        "datePublished": "2026-05-29T18:15:49.766Z",
        "dateReserved": "2026-05-29T18:07:57.110Z",
        "dateUpdated": "2026-05-29T19:29:30.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49375 (GCVE-0-2026-49375)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:15 – Updated: 2026-05-29 19:29
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1, 2025.11.5 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T19:22:28.387917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T19:29:45.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1, \n2025.11.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1, \n2025.11.5 reflected XSS was possible on the repository download page"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:15:49.375Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-49375",
        "datePublished": "2026-05-29T18:15:49.375Z",
        "dateReserved": "2026-05-29T18:07:56.726Z",
        "dateUpdated": "2026-05-29T19:29:45.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }