Jetbrains
32 CVEsCVE IDSeverityProduct / summaryPublished
CVE-2026-53914
MEDIUM 6.7
Kotlin — In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache me…
2026-06-26
CVE-2026-57921
MEDIUM 4.3
Youtrack — In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the …
2026-06-26
CVE-2026-57922
LOW 3.1
Youtrack — In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
2026-06-26
CVE-2026-57923
MEDIUM 5.3
Youtrack — In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed mo…
2026-06-26
CVE-2026-57924
MEDIUM 4.3
Youtrack — In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
2026-06-26
CVE-2026-57925
MEDIUM 4.3
Youtrack — In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
2026-06-26
CVE-2026-57926
LOW 2.6
Youtrack — In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
2026-06-26
CVE-2026-50242
CRITICAL 10
Hub — In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.14842…
2026-06-19
CVE-2026-53915
HIGH 7.1
Goland — In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
2026-06-19
CVE-2026-56141
CRITICAL 9.8
Hub — In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.14842…
2026-06-19
CVE-2026-56142
CRITICAL 9.6
Hub — In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.14842…
2026-06-19
CVE-2026-49366
HIGH 7.8
Intellij Idea — In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
2026-05-29
CVE-2026-49367
HIGH 8
Intellij Idea — In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
2026-05-29
CVE-2026-49368
HIGH 8.7
Youtrack — In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
2026-05-29
CVE-2026-49369
MEDIUM 4.3
Youtrack — In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
2026-05-29
CVE-2026-49370
LOW 3.4
Youtrack — In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
2026-05-29
CVE-2026-49371
HIGH 7.1
Teamcity — In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
2026-05-29
CVE-2026-49372
HIGH 7.5
Teamcity — In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
2026-05-29
CVE-2026-49373
HIGH 7.1
Teamcity — In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
2026-05-29
CVE-2026-49374
HIGH 7.6
Teamcity — In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
2026-05-29
CVE-2026-49375
MEDIUM 6.1
Teamcity — In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
2026-05-29
CVE-2026-49376
MEDIUM 6.5
Teamcity — In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
2026-05-29
CVE-2026-49377
MEDIUM 4.3
Teamcity — In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
2026-05-29
CVE-2026-49378
MEDIUM 4.3
Teamcity — In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
2026-05-29
CVE-2026-49379
MEDIUM 6.5
Teamcity — In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
2026-05-29
CVE-2026-49380
LOW 3.1
Teamcity — In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
2026-05-29
CVE-2026-49381
LOW 3.4
Teamcity — In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
2026-05-29
CVE-2026-49382
MEDIUM 4.5
Intellij Idea — In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright p…
2026-05-29
CVE-2026-49383
LOW 3.3
Intellij Idea — In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
2026-05-29
CVE-2026-49384
MEDIUM 6.1
Pycharm — In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
2026-05-29
CVE-2026-49385
MEDIUM 6.5
Youtrack — In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify servi…
2026-05-29
CVE-2026-49386
MEDIUM 6.5
Youtrack — In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and…
2026-05-29