Vulnerability Details CVE-2026-49381
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.5%
CVSS Severity
CVSS v3 Score 3.4
Products affected by CVE-2026-49381
-
cpe:2.3:a:jetbrains:teamcity:-
-
cpe:2.3:a:jetbrains:teamcity:10.0
-
cpe:2.3:a:jetbrains:teamcity:10.0.1
-
cpe:2.3:a:jetbrains:teamcity:10.0.2
-
cpe:2.3:a:jetbrains:teamcity:10.0.3
-
cpe:2.3:a:jetbrains:teamcity:10.0.4
-
cpe:2.3:a:jetbrains:teamcity:10.0.5
-
cpe:2.3:a:jetbrains:teamcity:2.0
-
cpe:2.3:a:jetbrains:teamcity:2.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1.2
-
cpe:2.3:a:jetbrains:teamcity:2017.1.3
-
cpe:2.3:a:jetbrains:teamcity:2017.1.4
-
cpe:2.3:a:jetbrains:teamcity:2017.1.5
-
cpe:2.3:a:jetbrains:teamcity:2017.2
-
cpe:2.3:a:jetbrains:teamcity:2017.2.1
-
cpe:2.3:a:jetbrains:teamcity:2017.2.2
-
cpe:2.3:a:jetbrains:teamcity:2017.2.3
-
cpe:2.3:a:jetbrains:teamcity:2017.2.4
-
cpe:2.3:a:jetbrains:teamcity:2018.1
-
cpe:2.3:a:jetbrains:teamcity:2018.1.1
-
cpe:2.3:a:jetbrains:teamcity:2018.1.2
-
cpe:2.3:a:jetbrains:teamcity:2018.1.3
-
cpe:2.3:a:jetbrains:teamcity:2018.1.4
-
cpe:2.3:a:jetbrains:teamcity:2018.1.5
-
cpe:2.3:a:jetbrains:teamcity:2018.2
-
cpe:2.3:a:jetbrains:teamcity:2018.2.1
-
cpe:2.3:a:jetbrains:teamcity:2018.2.2
-
cpe:2.3:a:jetbrains:teamcity:2018.2.3
-
cpe:2.3:a:jetbrains:teamcity:2018.2.4
-
cpe:2.3:a:jetbrains:teamcity:2018.2.5
-
cpe:2.3:a:jetbrains:teamcity:2019.1
-
cpe:2.3:a:jetbrains:teamcity:2019.1.1
-
cpe:2.3:a:jetbrains:teamcity:2019.1.2
-
cpe:2.3:a:jetbrains:teamcity:2019.1.3
-
cpe:2.3:a:jetbrains:teamcity:2019.1.4
-
cpe:2.3:a:jetbrains:teamcity:2019.1.5
-
cpe:2.3:a:jetbrains:teamcity:2019.2.0
-
cpe:2.3:a:jetbrains:teamcity:2019.2.1
-
cpe:2.3:a:jetbrains:teamcity:2019.2.2
-
cpe:2.3:a:jetbrains:teamcity:2019.2.3
-
cpe:2.3:a:jetbrains:teamcity:2020.1
-
cpe:2.3:a:jetbrains:teamcity:2020.1.1
-
cpe:2.3:a:jetbrains:teamcity:2020.1.2
-
cpe:2.3:a:jetbrains:teamcity:2020.1.3
-
cpe:2.3:a:jetbrains:teamcity:2020.1.4
-
cpe:2.3:a:jetbrains:teamcity:2020.1.5
-
cpe:2.3:a:jetbrains:teamcity:2020.2
-
cpe:2.3:a:jetbrains:teamcity:2020.2.1
-
cpe:2.3:a:jetbrains:teamcity:2020.2.2
-
cpe:2.3:a:jetbrains:teamcity:2020.2.3
-
cpe:2.3:a:jetbrains:teamcity:2020.2.85695
-
cpe:2.3:a:jetbrains:teamcity:2021.2
-
cpe:2.3:a:jetbrains:teamcity:2022.04
-
cpe:2.3:a:jetbrains:teamcity:2022.04.1
-
cpe:2.3:a:jetbrains:teamcity:2022.04.2
-
cpe:2.3:a:jetbrains:teamcity:2022.04.3
-
cpe:2.3:a:jetbrains:teamcity:2022.04.4
-
cpe:2.3:a:jetbrains:teamcity:2022.04.5
-
cpe:2.3:a:jetbrains:teamcity:2022.04.6
-
cpe:2.3:a:jetbrains:teamcity:2022.04.7
-
cpe:2.3:a:jetbrains:teamcity:2022.10
-
cpe:2.3:a:jetbrains:teamcity:2022.10.1
-
cpe:2.3:a:jetbrains:teamcity:2022.10.2
-
cpe:2.3:a:jetbrains:teamcity:2022.10.3
-
cpe:2.3:a:jetbrains:teamcity:2022.10.4
-
cpe:2.3:a:jetbrains:teamcity:2022.10.5
-
cpe:2.3:a:jetbrains:teamcity:2022.10.6
-
cpe:2.3:a:jetbrains:teamcity:2023.05
-
cpe:2.3:a:jetbrains:teamcity:2023.05.1
-
cpe:2.3:a:jetbrains:teamcity:2023.05.2
-
cpe:2.3:a:jetbrains:teamcity:2023.05.3
-
cpe:2.3:a:jetbrains:teamcity:2023.05.4
-
cpe:2.3:a:jetbrains:teamcity:2023.05.5
-
cpe:2.3:a:jetbrains:teamcity:2023.05.6
-
cpe:2.3:a:jetbrains:teamcity:2023.11
-
cpe:2.3:a:jetbrains:teamcity:2023.11.1
-
cpe:2.3:a:jetbrains:teamcity:2023.11.2
-
cpe:2.3:a:jetbrains:teamcity:2023.11.3
-
cpe:2.3:a:jetbrains:teamcity:2023.11.4
-
cpe:2.3:a:jetbrains:teamcity:2023.11.5
-
cpe:2.3:a:jetbrains:teamcity:2024.03
-
cpe:2.3:a:jetbrains:teamcity:2024.03.1
-
cpe:2.3:a:jetbrains:teamcity:2024.03.2
-
cpe:2.3:a:jetbrains:teamcity:2024.03.3
-
cpe:2.3:a:jetbrains:teamcity:2024.07
-
cpe:2.3:a:jetbrains:teamcity:2024.07.1
-
cpe:2.3:a:jetbrains:teamcity:2024.07.2
-
cpe:2.3:a:jetbrains:teamcity:2024.07.3
-
cpe:2.3:a:jetbrains:teamcity:2024.12
-
cpe:2.3:a:jetbrains:teamcity:2024.12.1
-
cpe:2.3:a:jetbrains:teamcity:2024.12.2
-
cpe:2.3:a:jetbrains:teamcity:2024.12.3
-
cpe:2.3:a:jetbrains:teamcity:2025.03
-
cpe:2.3:a:jetbrains:teamcity:2025.03.1
-
cpe:2.3:a:jetbrains:teamcity:2025.03.2
-
cpe:2.3:a:jetbrains:teamcity:2025.03.3
-
cpe:2.3:a:jetbrains:teamcity:2025.07
-
cpe:2.3:a:jetbrains:teamcity:2025.07.1
-
cpe:2.3:a:jetbrains:teamcity:2025.07.2
-
cpe:2.3:a:jetbrains:teamcity:2025.11
-
cpe:2.3:a:jetbrains:teamcity:2025.11.1
-
cpe:2.3:a:jetbrains:teamcity:2025.11.2
-
cpe:2.3:a:jetbrains:teamcity:2025.11.3
-
cpe:2.3:a:jetbrains:teamcity:2025.11.4
-
cpe:2.3:a:jetbrains:teamcity:2025.11.5
-
cpe:2.3:a:jetbrains:teamcity:3.0
-
cpe:2.3:a:jetbrains:teamcity:3.1
-
cpe:2.3:a:jetbrains:teamcity:4.0
-
cpe:2.3:a:jetbrains:teamcity:4.0.1
-
cpe:2.3:a:jetbrains:teamcity:4.0.2
-
cpe:2.3:a:jetbrains:teamcity:4.5
-
cpe:2.3:a:jetbrains:teamcity:5.0
-
cpe:2.3:a:jetbrains:teamcity:5.1
-
cpe:2.3:a:jetbrains:teamcity:6.0
-
cpe:2.3:a:jetbrains:teamcity:6.5
-
cpe:2.3:a:jetbrains:teamcity:7.0
-
cpe:2.3:a:jetbrains:teamcity:7.1
-
cpe:2.3:a:jetbrains:teamcity:8.0
-
cpe:2.3:a:jetbrains:teamcity:8.0.1
-
cpe:2.3:a:jetbrains:teamcity:8.0.2
-
cpe:2.3:a:jetbrains:teamcity:8.0.3
-
cpe:2.3:a:jetbrains:teamcity:8.0.4
-
cpe:2.3:a:jetbrains:teamcity:8.0.5
-
cpe:2.3:a:jetbrains:teamcity:8.0.6
-
cpe:2.3:a:jetbrains:teamcity:8.1
-
cpe:2.3:a:jetbrains:teamcity:8.1.1
-
cpe:2.3:a:jetbrains:teamcity:8.1.2
-
cpe:2.3:a:jetbrains:teamcity:8.1.3
-
cpe:2.3:a:jetbrains:teamcity:8.1.4
-
cpe:2.3:a:jetbrains:teamcity:8.1.5
-
cpe:2.3:a:jetbrains:teamcity:9.0
-
cpe:2.3:a:jetbrains:teamcity:9.0.1
-
cpe:2.3:a:jetbrains:teamcity:9.0.2
-
cpe:2.3:a:jetbrains:teamcity:9.0.3
-
cpe:2.3:a:jetbrains:teamcity:9.0.4
-
cpe:2.3:a:jetbrains:teamcity:9.0.5
-
cpe:2.3:a:jetbrains:teamcity:9.1
-
cpe:2.3:a:jetbrains:teamcity:9.1.1
-
cpe:2.3:a:jetbrains:teamcity:9.1.2
-
cpe:2.3:a:jetbrains:teamcity:9.1.3
-
cpe:2.3:a:jetbrains:teamcity:9.1.4
-
cpe:2.3:a:jetbrains:teamcity:9.1.5
-
cpe:2.3:a:jetbrains:teamcity:9.1.6
-
cpe:2.3:a:jetbrains:teamcity:9.1.7