CVE-2026-49382
4.5 MEDIUMIn JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
Published: 2026-05-29 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 4.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
- CWE
- CWE-1336
Affected products
| Vendor | Product |
|---|---|
| jetbrains | intellij_idea |
Description
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-49386 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas (6.5 MEDIUM)
- CVE-2026-49385 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts (6.5 MEDIUM)
- CVE-2026-49384 — In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible (6.1 MEDIUM)
- CVE-2026-49383 — In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible (3.3 LOW)
- CVE-2026-49381 — In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible (3.4 LOW)
Same CWE
- CVE-2026-41065 — Tautulli is a Python based monitoring and tracking tool for Plex Media Server
- CVE-2026-34906 — Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE)
- CVE-2026-42252 — Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `Ba... (9.1 CRITICAL)
- CVE-2026-45697 — Formie is a Craft CMS plugin for creating forms (9.8 CRITICAL)
- CVE-2026-45312 — RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine (9.9 CRITICAL)