CVE-2026-49366PATCHED

jetbrains · intellij_idea

CVE-2026-49366: In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

Description

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

Affected Products

Vendor	Product	Versions
jetbrains	intellij_idea	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
jetbrains	intellij idea	cert_advisory	90%

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Related News (2 articles)

Tier B

BSI Advisories16d ago

[NEU] [hoch] JetBrains IntelliJ IDEA: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB19d ago

CVE-2026-49366 | JetBrains IntelliJ IDEA up to 2026.1.0 os command injection

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

2026.1.1

CWECWE-78

PublishedMay 29, 2026

Last enriched19d agov2

Trending Score7

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

PRE-CVE

Security vulnerability in JetBrains GoLand prior to 2026.1.3

Trending: 20

HIGHCVE-2026-49373

CVE-2026-49373: In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

Trending: 7

MEDIUMCVE-2026-49376EXP

CVE-2026-49376: In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

Trending: 6

HIGHCVE-2026-49374

CVE-2026-49374: In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

Trending: 6

HIGHCVE-2026-49371

CVE-2026-49371: In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

Trending: 6

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 29, 2026

Discovered by ZDM

May 29, 2026

Updated: severity, affectedVersions

May 29, 2026

Patch Available

May 30, 2026

Version History

Last enriched 19d ago

v2Tier C19d ago

Updated severity to CRITICAL and affected versions to include 2026.1.0.

severityaffectedVersions

via VulDB

v119d ago

Initial creation