CVE-2026-49370
3.4 LOWIn JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
Published: 2026-05-29 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 3.4 LOW
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
- CWE
- CWE-201
Affected products
| Vendor | Product |
|---|---|
| jetbrains | youtrack |
Description
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-49386 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas (6.5 MEDIUM)
- CVE-2026-49385 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts (6.5 MEDIUM)
- CVE-2026-49384 — In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible (6.1 MEDIUM)
- CVE-2026-49383 — In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible (3.3 LOW)
- CVE-2026-49382 — In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin (4.5 MEDIUM)
Same CWE
- CVE-2026-46481 — OpenMetadata is a unified metadata platform (8.3 HIGH)
- CVE-2026-42539 — IRIS is a web collaborative platform that helps incident responders share technical details during investigations (6.5 MEDIUM)
- CVE-2026-45739 — Strawberry GraphQL is a library for creating GraphQL APIs (3.1 LOW)
- CVE-2026-4035 — A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which... (7.7 HIGH)
- CVE-2026-44653 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (6.5 MEDIUM)