DOM-based XSS Vulnerability in JetBrains PyCharm Affects Jupyter Viewer Page
CVE-2026-25847

8.2HIGH

Key Information:

Vendor

Jetbrains
Status
Pycharm
Vendor
CVE Published:
9 February 2026

What is CVE-2026-25847?

The JetBrains PyCharm IDE, prior to version 2025.3.2, is susceptible to a DOM-based Cross-Site Scripting (XSS) vulnerability affecting the Jupyter viewer page. This flaw allows attackers to execute arbitrary JavaScript in the context of the user's browser, leading to potential unauthorized access and data manipulation. Users are advised to upgrade to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

PyCharm 0 < 2025.3.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.