These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-56142 is a critical privilege escalation vulnerability in JetBrains Hub. The issue allows attackers to escalate privileges by attaching authentication details to accounts. This vulnerability affects multiple versions of JetBrains Hub, including those prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. The vulnerability has a CVSS score of 9.9, ind [truncated]
CVE-2026-56141 is a critical vulnerability in JetBrains Hub, a software development collaboration tool. The issue allows for account takeover via predictable restore codes. Affected versions include those before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. The vulnerability has a CVSS score of 9.8, indicating high severity. Defenders should prioritize patc [truncated]
CVE-2026-50242 is a critical authentication bypass vulnerability in JetBrains Hub. The issue allows for direct database access, leading to administrative access. Affected versions include those before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. The CVSS score is 10, indicating the highest severity. Defenders should prioritize patching due to the potential f [truncated]
JetBrains YouTrack versions prior to 2026.1.13570 contain an improper access control vulnerability (CWE-639) in the Planning Canvas feature. An authenticated attacker with low privileges can enumerate restricted issues and articles that should not be accessible to them. The vulnerability has a CVSS 3.1 score of 6.5 (MEDIUM severity) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating network-based [truncated]
A medium-severity improper access control vulnerability in JetBrains YouTrack before version 2026.1.13570 allows low-privileged users to modify service accounts. The vulnerability stems from missing authorization checks (CWE-862) that fail to restrict service account modification to administrative roles. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) indicates network-accessible attack vector w [truncated]
A stored cross-site scripting (XSS) vulnerability in JetBrains PyCharm before version 2025.3.4 allows malicious JavaScript to persist in Jupyter notebook Markdown cells. The flaw carries a CVSS 3.1 score of 6.1 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network attack vector, low attack complexity, no privileges required, user interaction needed, and scope change wit [truncated]
A low-severity XML External Entity (XXE) vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2026.1. The flaw resides in the UI Designer form parser, which processes XML-based form definitions. Successful exploitation could allow information disclosure through local file access when a user opens a maliciously crafted form file. The attack requires local access and user interaction, with no p [truncated]
A template injection vulnerability in the Copyright plugin of JetBrains IntelliJ IDEA before version 2026.1 could allow code execution. The vulnerability, classified as CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine), requires local access with high attack complexity and user interaction. The CVSS 3.1 score of 4.5 reflects limited impacts to confidentiality, integrity, and [truncated]
A stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity before version 2026.1 allows an attacker with administrative privileges to inject malicious scripts into the SAML login page. The vulnerability requires high privileges and user interaction, limiting its exploitability. The CVSS 3.1 score of 3.4 reflects the need for an authenticated administrator to perform the attack and a victim to [truncated]
A low-severity open redirect vulnerability exists in JetBrains TeamCity's SAML authentication plugin prior to version 2026.1. The flaw, classified as CWE-601 (URL Redirection to Untrusted Site), could allow an attacker to redirect users to malicious websites after authentication. The vulnerability requires network access and user interaction, with high attack complexity due to the need to bypass security [truncated]
A credentials exposure vulnerability in JetBrains TeamCity before version 2026.1 allows sensitive information to appear in thread names, potentially exposing credentials to users with local access to process listings or diagnostic outputs. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector with low attack complexity, requiring low privileges and yielding high confide [truncated]
A medium-severity information disclosure vulnerability in JetBrains TeamCity before version 2026.1 exposes credential parameters through the parameter autocompletion feature. Authenticated users with low privileges can leverage this UI behavior to discover sensitive credential values that should remain concealed. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) indicates network-accessible attack [truncated]
JetBrains TeamCity versions prior to 2025.11.2 expose sensitive data through default agent parameters. This information disclosure vulnerability (CWE-526) allows authenticated users with low privileges to access sensitive information that should not be exposed by default configuration. The CVSS 3.1 score of 4.3 (Medium severity) reflects network-based attack vector with low attack complexity, requiring lo [truncated]
A medium-severity authentication bypass vulnerability exists in JetBrains TeamCity's SAML plugin prior to version 2026.1. Insufficient username validation during SAML authentication processing could allow an attacker to potentially impersonate legitimate users or gain unauthorized access to the CI/CD platform. The vulnerability stems from improper authorization controls (CWE-863) in the SAML identity prov [truncated]
A reflected cross-site scripting (XSS) vulnerability exists in JetBrains TeamCity versions prior to 2026.1 and 2025.11.5. The flaw affects the repository download page and could allow an attacker to execute malicious scripts in a victim's browser context. The CVSS 3.1 score of 6.1 (MEDIUM) reflects network attack vector, low attack complexity, no privileges required, but user interaction required, with sc [truncated]
A high-severity vulnerability in JetBrains TeamCity before version 2026.1 allows authenticated users with low privileges to access build configuration parameters due to improper permission checks. The vulnerability, published on May 29, 2026, carries a CVSS 3.1 score of 7.6 (HIGH) with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L. The underlying weakness is categorized as CWE-862 (Missing Auth [truncated]
JetBrains TeamCity before version 2026.1 contains a remote code execution vulnerability exploitable through Perforce connection settings. The vulnerability, classified as CWE-88 (Improper Neutralization of Argument Delimiters in a Command), allows an attacker with low privileges to execute arbitrary code on the affected system. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) indicates network at [truncated]
JetBrains TeamCity versions prior to 2026.1 and 2025.11.5 contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability exploitable through build status functionality. The flaw allows remote attackers to induce the server to make requests to arbitrary destinations without authentication. With a CVSS 3.1 score of 7.5 (HIGH), this vulnerability presents significant risk as it requires no privi [truncated]
A reflected cross-site scripting (XSS) vulnerability exists in JetBrains TeamCity versions prior to 2026.1.1. The flaw resides in the keyword filter functionality, where insufficient input sanitization allows attacker-controlled script content to execute in a victim's browser context. With a CVSS 3.1 score of 7.1 (High), this vulnerability presents significant risk due to its network attack vector, low at [truncated]
A low-severity information disclosure vulnerability in JetBrains YouTrack before version 2026.1.13162 allows authenticated administrators to inadvertently expose sensitive information through fetchApp requests. The vulnerability, published on May 29, 2026, carries a CVSS 3.1 score of 3.4 (Low severity) with the vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N. The attack requires high privileges (administrator [truncated]
A medium-severity information disclosure vulnerability exists in JetBrains YouTrack versions prior to 2026.1.13162. The flaw allows authenticated users to access sensitive information through the Users and Groups pages. The vulnerability was disclosed on 2026-05-29 and is currently undergoing analysis by NVD. No known exploitation in the wild or ransomware campaign use has been reported.
JetBrains YouTrack versions prior to 2026.1.13162 contain a stored cross-site scripting (XSS) vulnerability in project notification templates. An authenticated attacker with low privileges can inject malicious scripts into notification templates, which execute when rendered in other users' browsers. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N) indicates network attack vector, low attack compl [truncated]
A command execution vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2026.1.1. The flaw allows command execution via the guest user account, presenting a significant security risk in multi-user or shared environments where guest access may be enabled. The vulnerability is classified as HIGH severity with a CVSS score of 8.0. The attack vector is network-based with low attack complexity, r [truncated]
A command injection vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2026.1.1. The flaw occurs during filename completion, where unsanitized input can be injected into system commands. This is classified as CWE-78 (OS Command Injection). The CVSS 3.1 score of 7.8 (HIGH) reflects local attack vector, low attack complexity, no privileges required, but user interaction needed, with high impa [truncated]
CVE-2024-27199 is a JetBrains TeamCity relative path traversal vulnerability that CISA has added to the Known Exploited Vulnerabilities catalog. Because CISA also records known ransomware campaign use, organizations running TeamCity should treat remediation as urgent and follow vendor and CISA guidance without delay.
CVE-2024-27198 is a JetBrains TeamCity authentication bypass vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2024-03-07. The source corpus also marks known ransomware campaign use, so defenders should treat this as an urgent exposure rather than a routine patch item. CISA’s required action is to apply vendor mitigations or discontinue use of the product if mitigations are u [truncated]
CVE-2023-42793 affects JetBrains TeamCity and is described as an authentication bypass vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-10-04, indicating active exploitation concerns and known ransomware campaign use. For defenders, this is a high-priority CI/CD exposure because TeamCity often sits close to build systems, credentials, and release workflows.