Teamcity CVE Vulnerabilities

By Jetbrains12 known vulnerabilities

Critical
0
High
5
Medium
5
Low
2
None
0

All Teamcity CVEs

Recent Highest Score Oldest
CVE-2026-49381
3.4 low

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

May 29, 2026
CVE-2026-49380
3.1 low

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

May 29, 2026
CVE-2026-49379
6.5 medium

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

May 29, 2026
CVE-2026-49378
4.3 medium

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

May 29, 2026
CVE-2026-49377
4.3 medium

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters

May 29, 2026
CVE-2026-49376
6.5 medium

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

May 29, 2026
CVE-2026-49375
6.1 medium

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page

May 29, 2026
CVE-2026-49374
7.6 high

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

May 29, 2026
CVE-2026-49373
7.1 high

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

May 29, 2026
CVE-2026-49372
7.5 high

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

May 29, 2026
CVE-2026-49371
7.1 high

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

May 29, 2026
CVE-2026-44413
8.2 high

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access

May 11, 2026