CVE-2026-44413

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access

high 8.2 CVSS 3.1
Published: May 11, 2026
Modified: May 12, 2026
Vendor: Jetbrains
Product: Teamcity

Description

In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access

References

Related CVEs

CVE-2026-49381 low · 3.4
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49382 medium · 4.5
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
CVE-2026-49383 low · 3.3
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-49384 medium · 6.1
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVE-2026-49385 medium · 6.5
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVE-2026-49386 medium · 6.5
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas