CVE-2026-49373PATCHED

jetbrains · teamcity

CVE-2026-49373: In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

Description

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

Affected Products

Vendor	Product	Versions
jetbrains	teamcity	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
jetbrains	teamcity	cert_advisory	90%

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Related News (2 articles)

Tier B

BSI Advisories16d ago

[NEU] [mittel] JetBrains TeamCity: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB19d ago

CVE-2026-49373 | JetBrains TeamCity up to 2025.11.3 argument injection

→ No new info (linked only)

CVSS 3.17.1 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

2026.1

CWECWE-88

PublishedMay 29, 2026

Last enriched19d agov2

Trending Score7

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

PRE-CVE

Security vulnerability in JetBrains GoLand prior to 2026.1.3

Trending: 20

HIGHCVE-2026-49366

CVE-2026-49366: In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

Trending: 7

MEDIUMCVE-2026-49376EXP

CVE-2026-49376: In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

Trending: 6

HIGHCVE-2026-49374

CVE-2026-49374: In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

Trending: 6

HIGHCVE-2026-49371

CVE-2026-49371: In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

Trending: 6

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 29, 2026

Discovered by ZDM

May 29, 2026

Updated: description, severity

May 29, 2026

Patch Available

May 30, 2026

Version History

Last enriched 19d ago

v2Tier C19d ago

Updated severity to CRITICAL, changed description to include argument injection details, and noted that no exploit is available.

descriptionseverity

via VulDB

v119d ago

Initial creation