Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1183 vulnerabilities by JetBrains

    CVE-2026-62422 (GCVE-0-2026-62422)

    Vulnerability from nvd – Published: 2026-07-14 10:17 – Updated: 2026-07-15 04:00
    VLAI
    Summary
    In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-62422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T04:00:57.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 authentication bypass via direct database access leading to administrative access was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T10:17:59.267Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-62422",
        "datePublished": "2026-07-14T10:17:59.267Z",
        "dateReserved": "2026-07-14T10:16:43.594Z",
        "dateUpdated": "2026-07-15T04:00:57.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61492 (GCVE-0-2026-61492)

    Vulnerability from nvd – Published: 2026-07-10 14:19 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.17394 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:14:28.411503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:33.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.17394",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:19:00.074Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-61492",
        "datePublished": "2026-07-10T14:19:00.074Z",
        "dateReserved": "2026-07-10T13:56:26.656Z",
        "dateUpdated": "2026-07-10T16:59:33.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59796 (GCVE-0-2026-59796)

    Vulnerability from nvd – Published: 2026-07-10 14:18 – Updated: 2026-07-14 03:55
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T03:55:42.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:59.634Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59796",
        "datePublished": "2026-07-10T14:18:59.634Z",
        "dateReserved": "2026-07-07T09:41:09.010Z",
        "dateUpdated": "2026-07-14T03:55:42.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59795 (GCVE-0-2026-59795)

    Vulnerability from nvd – Published: 2026-07-10 14:18 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59795",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:15:27.708148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:47.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:59.039Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59795",
        "datePublished": "2026-07-10T14:18:59.039Z",
        "dateReserved": "2026-07-07T09:41:08.700Z",
        "dateUpdated": "2026-07-10T16:59:47.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59794 (GCVE-0-2026-59794)

    Vulnerability from nvd – Published: 2026-07-10 14:18 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:18:35.273081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:55.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:58.518Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59794",
        "datePublished": "2026-07-10T14:18:58.518Z",
        "dateReserved": "2026-07-07T09:41:08.333Z",
        "dateUpdated": "2026-07-10T16:59:55.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59793 (GCVE-0-2026-59793)

    Vulnerability from nvd – Published: 2026-07-10 14:18 – Updated: 2026-07-14 03:55
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T03:55:41.755Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:57.861Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59793",
        "datePublished": "2026-07-10T14:18:57.861Z",
        "dateReserved": "2026-07-07T09:41:07.789Z",
        "dateUpdated": "2026-07-14T03:55:41.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59792 (GCVE-0-2026-59792)

    Vulnerability from nvd – Published: 2026-07-10 14:18 – Updated: 2026-07-14 03:55
    VLAI
    Summary
    In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains IntelliJ IDEA Affected: 0 , < 2026.1.4, 2026.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T03:55:40.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IntelliJ IDEA",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.4, \n2026.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains IntelliJ IDEA before 2026.1.4, \n2026.2 code execution via path traversal in project workspace ID handling was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:57.311Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59792",
        "datePublished": "2026-07-10T14:18:57.311Z",
        "dateReserved": "2026-07-07T09:41:07.385Z",
        "dateUpdated": "2026-07-14T03:55:40.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59791 (GCVE-0-2026-59791)

    Vulnerability from nvd – Published: 2026-07-10 14:18 – Updated: 2026-07-10 17:00
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.17012 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:45:20.326917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:00:21.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.17012",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:56.699Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59791",
        "datePublished": "2026-07-10T14:18:56.699Z",
        "dateReserved": "2026-07-07T09:41:06.835Z",
        "dateUpdated": "2026-07-10T17:00:21.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57926 (GCVE-0-2026-57926)

    Vulnerability from nvd – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1321
    • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57926",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:26:32.244498Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1321",
                    "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:02.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1321",
                  "description": "CWE-1321",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:19.536Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57926",
        "datePublished": "2026-06-26T12:38:19.536Z",
        "dateReserved": "2026-06-26T12:21:24.396Z",
        "dateUpdated": "2026-06-26T13:45:02.085Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57925 (GCVE-0-2026-57925)

    Vulnerability from nvd – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57925",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:26:51.590681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:18.602Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:19.039Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57925",
        "datePublished": "2026-06-26T12:38:19.039Z",
        "dateReserved": "2026-06-26T12:21:24.090Z",
        "dateUpdated": "2026-06-26T13:45:18.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57924 (GCVE-0-2026-57924)

    Vulnerability from nvd – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57924",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:13.533690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:33.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:18.647Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57924",
        "datePublished": "2026-06-26T12:38:18.647Z",
        "dateReserved": "2026-06-26T12:21:23.827Z",
        "dateUpdated": "2026-06-26T13:45:33.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57923 (GCVE-0-2026-57923)

    Vulnerability from nvd – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:33.706322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:47.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:18.291Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57923",
        "datePublished": "2026-06-26T12:38:18.291Z",
        "dateReserved": "2026-06-26T12:21:23.467Z",
        "dateUpdated": "2026-06-26T13:45:47.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57922 (GCVE-0-2026-57922)

    Vulnerability from nvd – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:46
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:56.424537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:46:03.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:17.932Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57922",
        "datePublished": "2026-06-26T12:38:17.932Z",
        "dateReserved": "2026-06-26T12:21:23.232Z",
        "dateUpdated": "2026-06-26T13:46:03.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57921 (GCVE-0-2026-57921)

    Vulnerability from nvd – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:46
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:28:23.594340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:46:22.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users\u0027 private data via the comment templates endpoint"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:17.373Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57921",
        "datePublished": "2026-06-26T12:38:17.373Z",
        "dateReserved": "2026-06-26T12:21:22.954Z",
        "dateUpdated": "2026-06-26T13:46:22.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53914 (GCVE-0-2026-53914)

    Vulnerability from nvd – Published: 2026-06-26 13:01 – Updated: 2026-06-27 03:55
    VLAI
    Summary
    In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains Kotlin Affected: 0 , < 2.4.20 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-27T03:55:26.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Kotlin",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2.4.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T13:01:00.434Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-53914",
        "datePublished": "2026-06-26T13:01:00.434Z",
        "dateReserved": "2026-06-11T13:00:42.498Z",
        "dateUpdated": "2026-06-27T03:55:26.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-62422 (GCVE-0-2026-62422)

    Vulnerability from cvelistv5 – Published: 2026-07-14 10:17 – Updated: 2026-07-15 04:00
    VLAI
    Summary
    In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-62422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T04:00:57.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 authentication bypass via direct database access leading to administrative access was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T10:17:59.267Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-62422",
        "datePublished": "2026-07-14T10:17:59.267Z",
        "dateReserved": "2026-07-14T10:16:43.594Z",
        "dateUpdated": "2026-07-15T04:00:57.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61492 (GCVE-0-2026-61492)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:19 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.17394 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:14:28.411503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:33.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.17394",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:19:00.074Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-61492",
        "datePublished": "2026-07-10T14:19:00.074Z",
        "dateReserved": "2026-07-10T13:56:26.656Z",
        "dateUpdated": "2026-07-10T16:59:33.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59796 (GCVE-0-2026-59796)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-14 03:55
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T03:55:42.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:59.634Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59796",
        "datePublished": "2026-07-10T14:18:59.634Z",
        "dateReserved": "2026-07-07T09:41:09.010Z",
        "dateUpdated": "2026-07-14T03:55:42.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59795 (GCVE-0-2026-59795)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59795",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:15:27.708148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:47.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:59.039Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59795",
        "datePublished": "2026-07-10T14:18:59.039Z",
        "dateReserved": "2026-07-07T09:41:08.700Z",
        "dateUpdated": "2026-07-10T16:59:47.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59794 (GCVE-0-2026-59794)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 16:59
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:18:35.273081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T16:59:55.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:58.518Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59794",
        "datePublished": "2026-07-10T14:18:58.518Z",
        "dateReserved": "2026-07-07T09:41:08.333Z",
        "dateUpdated": "2026-07-10T16:59:55.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59793 (GCVE-0-2026-59793)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-14 03:55
    VLAI
    Summary
    In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains TeamCity Affected: 0 , < 2026.1.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T03:55:41.755Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TeamCity",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:57.861Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59793",
        "datePublished": "2026-07-10T14:18:57.861Z",
        "dateReserved": "2026-07-07T09:41:07.789Z",
        "dateUpdated": "2026-07-14T03:55:41.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59792 (GCVE-0-2026-59792)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-14 03:55
    VLAI
    Summary
    In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains IntelliJ IDEA Affected: 0 , < 2026.1.4, 2026.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T03:55:40.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IntelliJ IDEA",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.1.4, \n2026.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains IntelliJ IDEA before 2026.1.4, \n2026.2 code execution via path traversal in project workspace ID handling was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:57.311Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59792",
        "datePublished": "2026-07-10T14:18:57.311Z",
        "dateReserved": "2026-07-07T09:41:07.385Z",
        "dateUpdated": "2026-07-14T03:55:40.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59791 (GCVE-0-2026-59791)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:18 – Updated: 2026-07-10 17:00
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.17012 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:45:20.326917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:00:21.132Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.17012",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T14:18:56.699Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-59791",
        "datePublished": "2026-07-10T14:18:56.699Z",
        "dateReserved": "2026-07-07T09:41:06.835Z",
        "dateUpdated": "2026-07-10T17:00:21.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53914 (GCVE-0-2026-53914)

    Vulnerability from cvelistv5 – Published: 2026-06-26 13:01 – Updated: 2026-06-27 03:55
    VLAI
    Summary
    In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains Kotlin Affected: 0 , < 2.4.20 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-27T03:55:26.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Kotlin",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2.4.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T13:01:00.434Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-53914",
        "datePublished": "2026-06-26T13:01:00.434Z",
        "dateReserved": "2026-06-11T13:00:42.498Z",
        "dateUpdated": "2026-06-27T03:55:26.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57926 (GCVE-0-2026-57926)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1321
    • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57926",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:26:32.244498Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1321",
                    "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:02.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1321",
                  "description": "CWE-1321",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:19.536Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57926",
        "datePublished": "2026-06-26T12:38:19.536Z",
        "dateReserved": "2026-06-26T12:21:24.396Z",
        "dateUpdated": "2026-06-26T13:45:02.085Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57925 (GCVE-0-2026-57925)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57925",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:26:51.590681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:18.602Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:19.039Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57925",
        "datePublished": "2026-06-26T12:38:19.039Z",
        "dateReserved": "2026-06-26T12:21:24.090Z",
        "dateUpdated": "2026-06-26T13:45:18.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57924 (GCVE-0-2026-57924)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57924",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:13.533690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:33.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:18.647Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57924",
        "datePublished": "2026-06-26T12:38:18.647Z",
        "dateReserved": "2026-06-26T12:21:23.827Z",
        "dateUpdated": "2026-06-26T13:45:33.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57923 (GCVE-0-2026-57923)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:45
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:33.706322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:45:47.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:18.291Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57923",
        "datePublished": "2026-06-26T12:38:18.291Z",
        "dateReserved": "2026-06-26T12:21:23.467Z",
        "dateUpdated": "2026-06-26T13:45:47.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57922 (GCVE-0-2026-57922)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:46
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:27:56.424537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:46:03.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:17.932Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57922",
        "datePublished": "2026-06-26T12:38:17.932Z",
        "dateReserved": "2026-06-26T12:21:23.232Z",
        "dateUpdated": "2026-06-26T13:46:03.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57921 (GCVE-0-2026-57921)

    Vulnerability from cvelistv5 – Published: 2026-06-26 12:38 – Updated: 2026-06-26 13:46
    VLAI
    Summary
    In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains YouTrack Affected: 0 , < 2026.2.16593 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T13:28:23.594340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T13:46:22.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "YouTrack",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2026.2.16593",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users\u0027 private data via the comment templates endpoint"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T12:38:17.373Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2026-57921",
        "datePublished": "2026-06-26T12:38:17.373Z",
        "dateReserved": "2026-06-26T12:21:22.954Z",
        "dateUpdated": "2026-06-26T13:46:22.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }