PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59794 JetBrains CVE debrief

CVE-2026-59794 is a stored XSS vulnerability in JetBrains TeamCity before version 2026.1.2. The vulnerability allows for stored XSS attacks via agent-reported data on the cloud profile page. This type of vulnerability can lead to malicious scripts being executed, potentially resulting in unauthorized actions or data breaches. Users of JetBrains TeamCity, especially those with administrative privileges, should be aware of this vulnerability and take steps to mitigate it. The CVSS score for this vulnerability is 7.3, indicating a high severity level. The vulnerability was reported and made public recently, emphasizing the need for prompt action.

Vendor
JetBrains
Product
TeamCity
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of JetBrains TeamCity, especially those with administrative privileges, should be aware of this vulnerability and take steps to mitigate it. This includes updating to the latest version, reviewing and monitoring agent-reported data, and implementing additional security measures to detect and prevent XSS attacks. IT teams responsible for managing TeamCity instances should prioritize this update to prevent potential exploitation.

Technical summary

The vulnerability, CVE-2026-59794, is a stored XSS issue in JetBrains TeamCity before 2026.1.2. It occurs on the cloud profile page and is triggered by agent-reported data. The CVSS score for this vulnerability is 7.3, indicating a high severity level. This type of vulnerability can lead to malicious scripts being executed, potentially resulting in unauthorized actions or data breaches. Users should focus on updating their TeamCity instances and monitoring for suspicious activity.

Defensive priority

High priority should be given to updating JetBrains TeamCity to version 2026.1.2 or later to prevent exploitation of this vulnerability. Additionally, reviewing and monitoring agent-reported data for suspicious activity and implementing additional security measures are crucial steps in mitigating this vulnerability.

Recommended defensive actions

  • Update JetBrains TeamCity to version 2026.1.2 or later
  • Review and monitor agent-reported data for suspicious activity
  • Implement additional security measures to detect and prevent XSS attacks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record for CVE-2026-59794 was published on 2026-07-10T15:16:48.463Z and last modified on 2026-07-10T18:49:04.000Z. The NVD entry is currently Analyzed. The vulnerability is a stored XSS issue in JetBrains TeamCity before 2026.1.2, occurring on the cloud profile page and triggered by agent-reported data. Evidence is limited to public CVE and NVD information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T15:16:48.463Z and has not been modified since then. The NVD entry is currently Analyzed.