PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-61492 JetBrains CVE debrief

CVE-2026-61492 is a stored XSS vulnerability in JetBrains YouTrack before version 2026.2.17394. The issue allowed for stored XSS via article titles in digest emails. The CVSS score for this vulnerability is 3.5, indicating a low severity. This vulnerability exists due to improper handling of user-supplied input in article titles within digest emails. An attacker with low privileges could potentially inject malicious scripts into article titles, which would then be stored and executed when other users view their digest emails. This requires user interaction, as the victim must view the malicious content in their email. To mitigate this risk, administrators should ensure their systems are updated to version 2026.2.17394 or later. Additionally, users should be cautious when interacting with content from untrusted sources in their emails. The CVE record was published on 2026-07-10T15:16:51.153Z and was last modified on 2026-07-10T18:57:39.147Z.

Vendor
JetBrains
Product
YouTrack
CVSS
LOW 3.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of JetBrains YouTrack, especially those who manage or interact with articles and digest emails, should be aware of this vulnerability. It is crucial for administrators to ensure their systems are updated to version 2026.2.17394 or later to mitigate this risk.

Technical summary

The vulnerability exists in the handling of article titles in digest emails within JetBrains YouTrack. An attacker could potentially inject malicious scripts into article titles, which would then be stored and executed when other users view their digest emails. This issue requires user interaction, as the victim must view the malicious content in their email. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N, indicating that the attack vector is network-based, requires low privileges, and user interaction.

Defensive priority

Given the low CVSS score of 3.5, this vulnerability might not be considered a high priority for immediate remediation. However, as with any security issue, it is essential to address it in a timely manner, especially in environments where user interaction with digest emails is common.

Recommended defensive actions

  • Update JetBrains YouTrack to version 2026.2.17394 or later.
  • Review and monitor article titles and digest emails for suspicious content.
  • Educate users about the risks of clicking on links or interacting with content from untrusted sources in their emails.

Evidence notes

The CVE record was published on 2026-07-10T15:16:51.153Z and was last modified on 2026-07-10T18:57:39.147Z. The NVD entry is currently Analyzed. Vendor advisory is available at https://www.jetbrains.com/privacy-security/issues-fixed/

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T15:16:51.153Z and has not been modified since then. The NVD entry is currently Analyzed.