CVE-2026-49385
6.5 MEDIUMIn JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
Published: 2026-05-29 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- CWE
- CWE-862
Affected products
| Vendor | Product |
|---|---|
| jetbrains | youtrack |
Description
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-49386 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas (6.5 MEDIUM)
- CVE-2026-49384 — In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible (6.1 MEDIUM)
- CVE-2026-49383 — In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible (3.3 LOW)
- CVE-2026-49382 — In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin (4.5 MEDIUM)
- CVE-2026-49381 — In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible (3.4 LOW)
Same CWE
- CVE-2026-46645 — SQLAdmin is a flexible Admin interface for SQLAlchemy models (4.3 MEDIUM)
- CVE-2026-53634 — Sharp is a content management framework built for Laravel as a package (4.3 MEDIUM)
- CVE-2026-0272 — A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Comm...
- CVE-2026-49822 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (7.7 HIGH)
- CVE-2026-49821 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (7.7 HIGH)