Jetbrains: Security Vulnerabilities
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
CVSS Score
7.2
EPSS Score
0.0
Published
2026-04-17
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
CVSS Score
6.3
EPSS Score
0.0
Published
2026-03-13
In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
CVSS Score
6.8
EPSS Score
0.0
Published
2026-03-11
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
CVSS Score
2.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
CVSS Score
8.2
EPSS Score
0.0
Published
2026-02-09
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
CVSS Score
9.1
EPSS Score
0.0
Published
2026-02-09
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-09
Page 1