Multiple security vulnerabilities have been identified in JetBrains products, including YouTrack, IntelliJ IDEA, and TeamCity. These vulnerabilities pose a significant risk to developers and administrators who use these tools, as they can be exploited to gain administrative access or execute malicious code. The affected version ranges include YouTrack builds before 2026, prior to 2026.1.4 for IntelliJ IDEA, and prior to 2026.1.2 for TeamCity.
CVE-2026-62422 (CVSS 10.0): An authentication bypass vulnerability in YouTrack allows an attacker to gain administrative access via direct database access.[/subscribe_to_unlock_form]
Multiple security vulnerabilities have been identified in JetBrains products, including YouTrack, IntelliJ IDEA, and TeamCity. These vulnerabilities pose a significant risk to developers and administrators who use these tools, as they can be exploited to gain administrative access or execute malicious code. The affected version ranges include YouTrack builds before 2026, prior to 2026.1.4 for IntelliJ IDEA, and prior to 2026.1.2 for TeamCity.
CVE-2026-62422 (CVSS 10.0): An authentication bypass vulnerability in YouTrack allows an attacker to gain administrative access via direct database access.[emaillocker id="1283"]
CVE-2026-59792 (CVSS 9.6): A critical flaw in IntelliJ IDEA enables code execution through path traversal in project workspace ID handling.
CVE-2026-59793 (CVSS 8.8): Arbitrary file access is possible in TeamCity due to a vulnerability in the Perforce VCS integration.
CVE-2026-59796 (CVSS 8.1): Improper permission checks in TeamCity permit pipeline modification.
CVE-2026-59795 (CVSS 8.1): A stored XSS bug allows unauthenticated agent registration in TeamCity.
CVE-2026-59794 (CVSS 7.3): Another stored XSS bug affects the cloud profile page in TeamCity, allowing an attacker to inject malicious data. These vulnerabilities collectively present a significant risk to developers and administrators who use JetBrains products. Administrators should update their installations as soon as possible to mitigate this risk. These vulnerabilities collectively present a significant risk to developers and administrators who use JetBrains products.
These vulnerabilities collectively present a significant risk to developers and administrators who use JetBrains products.
We recommend you to update YouTrack to build 2026.1.13757 or the fixed build for their release line, IntelliJ IDEA to update 2026.1.4 or 2026.2, and TeamCity operators should upgrade to 2026.1.2.
The following reports contain further technical details:
[/emaillocker]