JetBrains: community verdicts
14 notable / known-exploited JetBrains CVEs the community has triaged.
- CVE-2024-27199 | HIGH 7.3 | KEV | EPSS 100%
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
- CVE-2023-42793 | CRIT 9.8 | KEV | EPSS 100%
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
- CVE-2024-27198 | CRIT 9.8 | KEV | EPSS 100%
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
- CVE-2026-50242 | CRIT 10 | Real · low risk | EPSS 0%
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible
- CVE-2026-56142 | CRIT 9.9 | Real · low risk | EPSS 0%
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible
- CVE-2026-57926 | LOW 2.6 | EPSS 0%
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
- CVE-2026-56141 | CRIT 9.8 | Real · low risk | EPSS 0%
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible
- CVE-2026-53915 | HIGH 7.1 | Real · low risk | EPSS 0%
In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
- CVE-2026-53914 | MED 6.7 | EPSS 0%
In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata
- CVE-2026-57921 | MED 4.3 | EPSS 0%
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
- CVE-2026-57924 | MED 4.3 | EPSS 0%
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
- CVE-2026-57925 | MED 4.3 | EPSS 0%
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
- CVE-2026-57923 | MED 5.3 | EPSS 0%
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
- CVE-2026-57922 | LOW 3.1 | EPSS 0%
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible