Security Vulnerabilities - CVEs Published In May 2026
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
CVSS Score
7.1
EPSS Score
0.0
Published
2026-05-29
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
CVSS Score
7.6
EPSS Score
0.0
Published
2026-05-29
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
CVSS Score
6.1
EPSS Score
0.001
Published
2026-05-29
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-29
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
CVSS Score
4.3
EPSS Score
0.0
Published
2026-05-29
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
CVSS Score
4.3
EPSS Score
0.0
Published
2026-05-29
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-29
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
CVSS Score
3.1
EPSS Score
0.0
Published
2026-05-29
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
CVSS Score
7.8
EPSS Score
0.0
Published
2026-05-29
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
CVSS Score
8.0
EPSS Score
0.0
Published
2026-05-29