CVE-2026-49380
3.1 LOWIn JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
Published: 2026-05-29 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 3.1 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
- CWE
- CWE-601
Affected products
| Vendor | Product |
|---|---|
| jetbrains | teamcity |
Description
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-49386 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas (6.5 MEDIUM)
- CVE-2026-49385 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts (6.5 MEDIUM)
- CVE-2026-49384 — In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible (6.1 MEDIUM)
- CVE-2026-49383 — In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible (3.3 LOW)
- CVE-2026-49382 — In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin (4.5 MEDIUM)
Same CWE
- CVE-2026-46616 — Umbraco is an ASP.NET CMS (5.4 MEDIUM)
- CVE-2026-48856 — Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data
- CVE-2026-45566 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (6.1 MEDIUM)
- CVE-2026-53440 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" secur... (4.3 MEDIUM)
- CVE-2026-53437 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenk... (4.3 MEDIUM)