Zero Day Monitor (ZDM)
2.6
CVE-2026-57926 · EXPLOITED · PATCHED
jetbrains · youtrack

CVE-2026-57926: In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack

Description

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack

Affected Products

Vendor | Product | Versions
jetbrains | youtrack | 0, 2026.1.13570

References

  • https://www.jetbrains.com/privacy-security/issues-fixed/

Related News (1 articles)

Tier C
VulDB · 1d ago
CVE-2026-57926 | JetBrains YouTrack up to 2026.1.13570 prototype pollution
→ No new info (linked only)
CVSS 3.1: 2.6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 2026.2.16593
CWE: CWE-1321
Published: Jun 26, 2026
Last enriched: 1d ago (v2)
Trending Score: 35
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-57924 · EXP
CVE-2026-57924: In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
Trending: 41
MEDIUM · CVE-2026-57922 · EXP
CVE-2026-57922: In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
Trending: 35
MEDIUM · CVE-2026-53914
CVE-2026-53914: In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata
Trending: 24
HIGH · CVE-2026-57921
CVE-2026-57921: In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment te
Trending: 23
MEDIUM · CVE-2026-57925
CVE-2026-57925: In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
Trending: 20

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 26, 2026
Discovered by ZDM: Jun 26, 2026
Actively Exploited: Jun 26, 2026
Patch Available: Jun 26, 2026
Updated (affectedVersions, severity, activelyExploited): Jun 26, 2026

Version History

v2
Last enriched 1d ago
v2 · Tier C · 1d ago

Updated affected versions to include 2026.1.13570, changed severity to MEDIUM, and noted that the exploit is not available but the vulnerability is actively exploited.

affectedVersions, severity, activelyExploited
via VulDB
v1 · 1d ago

Initial creation