Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Telegram 2FA Not Cracked, Attackers Hijack Logged-In Sessions
July 16, 2026
Dutch Police Dismantle €100M Investment Fraud Network, 20 Call Centers Shut Down
July 16, 2026
JetBrains Patches 6 Vulnerabilities in TeamCity, YouTrack, IntelliJ IDEA
July 16, 2026
Home/CyberSecurity News/JetBrains Patches 6 Vulnerabilities in TeamCity, YouTrack, IntelliJ IDEA
CyberSecurity News

JetBrains Patches 6 Vulnerabilities in TeamCity, YouTrack, IntelliJ IDEA

Key Takeaways JetBrains has released patches for six security vulnerabilities across its IntelliJ IDEA, TeamCity, and YouTrack products. A critical path traversal flaw (CVE-2026-59792) in IntelliJ...

Emy Elsamnoudy
Emy Elsamnoudy
July 16, 2026 3 Min Read
3 0

Key Takeaways

  • JetBrains has released patches for six security vulnerabilities across its IntelliJ IDEA, TeamCity, and YouTrack products.
  • A critical path traversal flaw (CVE-2026-59792) in IntelliJ IDEA could lead to remote code execution.
  • TeamCity was affected by four high-severity issues, including arbitrary file access and multiple stored cross-site scripting (XSS) vulnerabilities.
  • A low-severity CSS injection flaw (CVE-2026-59791) was addressed in YouTrack.
  • Users are urged to update their installations immediately to the patched versions.

JetBrains has issued critical security updates to address a total of six vulnerabilities impacting its widely used software development and project management tools, including IntelliJ IDEA, TeamCity, and YouTrack. These patches resolve issues ranging from critical code execution risks to high-severity cross-site scripting flaws and unauthorized configuration modifications.

Table Of Content

  • Key Takeaways
  • Critical Code Execution Flaw in IntelliJ IDEA
  • Multiple High-Severity Issues in TeamCity
  • Low-Severity CSS Injection in YouTrack
  • What You Should Do

Critical Code Execution Flaw in IntelliJ IDEA

The most severe vulnerability, identified as CVE-2026-59792, is a critical improper path handling flaw (CWE-23) discovered in IntelliJ IDEA. This vulnerability could allow an attacker to leverage specific project workspace ID processing to conduct path traversal attacks, potentially leading to arbitrary code execution within affected IntelliJ IDEA environments.

Security researcher Antoni Tremblay is credited with reporting this significant flaw. JetBrains has mitigated this issue in IntelliJ IDEA versions 2026.1.4 and 2026.2. Users are strongly advised to upgrade to these patched versions without delay.

Multiple High-Severity Issues in TeamCity

JetBrains’ continuous integration and delivery server, TeamCity, was found to be susceptible to four high-severity vulnerabilities. These issues could compromise build integrity, expose sensitive data, and facilitate client-side attacks.

  • Arbitrary File Access (CVE-2026-59793): Reported by researcher @maple3142, this CWE-73 vulnerability affects TeamCity 2026.1.2. It resides within the Perforce VCS integration and could permit arbitrary file access through externally controlled file or path references.
  • Stored Cross-Site Scripting (CVE-2026-59794 and CVE-2026-59795): Two distinct stored XSS vulnerabilities were identified. CVE-2026-59794 allows malicious JavaScript to be stored and executed when agent-reported data is displayed on the cloud profile page. CVE-2026-59795 can be triggered via unauthenticated agent registration. Successful exploitation of either XSS flaw could lead to session hijacking, unauthorized interface manipulation, or actions performed in the context of a logged-in TeamCity user.
  • Unauthorized Pipeline Modifications (CVE-2026-59796): Researcher Alwion reported this CWE-862 improper authorization check vulnerability. It could enable users to modify CI/CD pipeline configurations without the necessary permissions, posing substantial risks to build integrity and the overall software supply chain security.

All four high-severity vulnerabilities affecting TeamCity have been addressed in TeamCity version 2026.1.2. For a comprehensive list of fixed issues, users can refer to the JetBrains patched vulnerabilities page.

Low-Severity CSS Injection in YouTrack

JetBrains also resolved a low-severity vulnerability, CVE-2026-59791, in its project management and issue tracking tool, YouTrack. This issue, reported by Rohit Prasanth (h3ri0s), allows for CSS injection through Mermaid diagram rendering in YouTrack version 2026.2.17012.

While this CSS injection cannot directly execute scripts, it can be exploited to alter page presentation, potentially facilitating phishing attacks or user interface deception. Users of YouTrack should update to version 2026.2.17012 to mitigate this risk.

What You Should Do

  • Upgrade Immediately: All organizations utilizing the affected JetBrains products should upgrade to the patched versions without delay. Specifically, update to IntelliJ IDEA versions 2026.1.4 or 2026.2, TeamCity version 2026.1.2, and YouTrack version 2026.2.17012.
  • Review TeamCity Settings: Administrators should review their TeamCity agent registration settings to ensure only authorized agents can connect.
  • Audit Logs: Examine access logs for any unusual repository or file-access activity, especially in TeamCity environments.
  • Monitor Pipeline Changes: Audit recent CI/CD pipeline changes within TeamCity for any unauthorized modifications.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchphishingSecurityVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

WhatsApp GhostPairing Flaw Lets Attackers Hijack Accounts

Next Post

Dutch Police Dismantle €100M Investment Fraud Network, 20 Call Centers Shut Down

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
GPT-Red Tool Finds Prompt Injection Vulnerabilities in GPT 5.6 Sol
July 16, 2026
Kratos PhaaS Attacks Microsoft 365 Users to Steal Credentials
July 16, 2026
Critical Zoom Windows Flient Flaw Lets Attackers Take Over Accounts via Network
July 16, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us