PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-49380 JetBrains CVE debrief

A low-severity open redirect vulnerability exists in JetBrains TeamCity's SAML authentication plugin prior to version 2026.1. The flaw, classified as CWE-601 (URL Redirection to Untrusted Site), could allow an attacker to redirect users to malicious websites after authentication. The vulnerability requires network access and user interaction, with high attack complexity due to the need to bypass security mechanisms. No confidentiality or availability impact is associated with this issue; the integrity impact is rated low. The vulnerability was disclosed by JetBrains through their security issues page on May 29, 2026.

Vendor: JetBrains
Product: TeamCity
CVSS: LOW 3.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-29
Original CVE updated: 2026-05-29
Advisory published: 2026-05-29
Advisory updated: 2026-05-29

Who should care

Organizations running JetBrains TeamCity with SAML authentication enabled, particularly those using the built-in SAML plugin for single sign-on. Security teams responsible for CI/CD infrastructure and identity federation configurations should prioritize this patch to prevent potential phishing vectors through authentication redirects.

Technical summary

The SAML plugin in JetBrains TeamCity versions prior to 2026.1 contains an open redirect vulnerability (CWE-601). The flaw allows URL redirection to untrusted sites during the SAML authentication flow. The vulnerability is network-exploitable but requires high attack complexity and user interaction, resulting in a CVSS v3.1 base score of 3.1 (Low). Successful exploitation could enable phishing attacks by redirecting authenticated users to attacker-controlled destinations. No confidentiality or availability impact is associated with this vulnerability; integrity impact is low.

Defensive priority

Low

Recommended defensive actions

  • Upgrade JetBrains TeamCity to version 2026.1 or later to remediate the open redirect vulnerability in the SAML plugin.
  • Review SAML authentication flows for unexpected redirect destinations if immediate patching is not feasible.
  • Monitor authentication logs for anomalous redirect patterns that may indicate exploitation attempts.
  • Validate that all SAML redirect URLs are explicitly allowlisted to prevent redirection to untrusted domains.
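An added example (not code from JetBrains or the advisory) of the allowlist check recommended above: a post-authentication redirect target is accepted only if it is a site-relative path or an absolute URL to a host on an assumed allowlist, and the encodings that defeat naive prefix checks (protocol-relative `//host`, backslashes, userinfo tricks, non-http schemes) collapse to a safe default.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allowlist: the server's own host name(s). Not from the advisory.
ALLOWED_HOSTS = {"teamcity.example.com"}

def safe_redirect_target(raw: str, default: str = "/") -> str:
    """Return a redirect destination that cannot leave an allowlisted host.

    Accepts either a site-relative path ("/project") or an http(s) URL whose
    host is in ALLOWED_HOSTS; everything else returns ``default``.
    """
    if not raw:
        return default
    # Drop control characters and whitespace (which some URL parsers skip but
    # browsers honour) and treat backslashes as slashes, as browsers do.
    cleaned = "".join(ch for ch in raw if ord(ch) > 0x20).replace("\\", "/")
    parts = urlsplit(cleaned)

    # Only http/https may ever be followed; "javascript:", "data:" etc. are out.
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default

    if parts.netloc:
        # hostname strips userinfo ("trusted@evil") and lowercases the host.
        host = (parts.hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            return default
        try:
            port = parts.port          # raises ValueError on a malformed port
        except ValueError:
            return default
        netloc = host if port is None else f"{host}:{port}"
        # Rebuild from parsed pieces so nothing unparsed survives; fragment dropped.
        return urlunsplit((parts.scheme.lower(), netloc, parts.path or "/",
                           parts.query, ""))

    # No host present: require exactly one leading slash ("//evil" is a host).
    if not cleaned.startswith("/") or cleaned.startswith("//"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, ""))

if __name__ == "__main__":
    # Constructed sample inputs, as a SAML callback might receive them.
    for sample in ("/project?tab=1", "//evil.example/x", "\\\\evil.example",
                   "https://teamcity.example.com@evil.example/", "https:evil.example"):
        print(repr(sample), "->", safe_redirect_target(sample))
```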

Evidence notes

CVE published 2026-05-29T19:16:27.990Z; modified 2026-05-29T20:11:15.977Z. CVSS 3.1 score 3.1 (LOW). Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. CWE-601 identified. Vendor disclosure via JetBrains security issues page. NVD status: Undergoing Analysis.

Official resources

2026-05-29