J

Jetbrains Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Jetbrains products.

22 known CVE vulnerabilities tracked

Critical
0
High
8
Medium
10
Low
4
None
0

Vulnerabilities By Year

22
2026

Products Affected

Teamcity 12 Youtrack 5 Intellij Idea 4 Pycharm 1

All Jetbrains CVEs

Recent Highest Score Oldest
CVE-2026-49386
6.5 medium

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas

Youtrack May 29, 2026
CVE-2026-49385
6.5 medium

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

Youtrack May 29, 2026
CVE-2026-49384
6.1 medium

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible

Pycharm May 29, 2026
CVE-2026-49383
3.3 low

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

Intellij Idea May 29, 2026
CVE-2026-49382
4.5 medium

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin

Intellij Idea May 29, 2026
CVE-2026-49381
3.4 low

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

Teamcity May 29, 2026
CVE-2026-49380
3.1 low

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

Teamcity May 29, 2026
CVE-2026-49379
6.5 medium

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

Teamcity May 29, 2026
CVE-2026-49378
4.3 medium

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

Teamcity May 29, 2026
CVE-2026-49377
4.3 medium

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters

Teamcity May 29, 2026
CVE-2026-49376
6.5 medium

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

Teamcity May 29, 2026
CVE-2026-49375
6.1 medium

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page

Teamcity May 29, 2026
CVE-2026-49374
7.6 high

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

Teamcity May 29, 2026
CVE-2026-49373
7.1 high

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

Teamcity May 29, 2026
CVE-2026-49372
7.5 high

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

Teamcity May 29, 2026
CVE-2026-49371
7.1 high

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

Teamcity May 29, 2026
CVE-2026-49370
3.4 low

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

Youtrack May 29, 2026
CVE-2026-49369
4.3 medium

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages

Youtrack May 29, 2026
CVE-2026-49368
8.7 high

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

Youtrack May 29, 2026
CVE-2026-49367
8.0 high

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

Intellij Idea May 29, 2026
CVE-2026-49366
7.8 high

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

Intellij Idea May 29, 2026
CVE-2026-44413
8.2 high

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access

Teamcity May 11, 2026