CVE-2026-49372
7.5 HIGHIn JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
Published: 2026-05-29 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-918
Affected products
| Vendor | Product |
|---|---|
| jetbrains | teamcity |
Description
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-49386 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas (6.5 MEDIUM)
- CVE-2026-49385 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts (6.5 MEDIUM)
- CVE-2026-49384 — In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible (6.1 MEDIUM)
- CVE-2026-49383 — In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible (3.3 LOW)
- CVE-2026-49382 — In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin (4.5 MEDIUM)
Same CWE
- CVE-2025-60175 — Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions (4.4 MEDIUM)
- CVE-2026-12210 — A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0 (6.3 MEDIUM)
- CVE-2026-53827 — OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata ... (6.5 MEDIUM)
- CVE-2026-47268 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.4 MEDIUM)
- CVE-2026-46717 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (7.7 HIGH)