Unauthorized File Access in JetBrains IntelliJ IDEA by JetBrains
CVE-2026-41882

7.4HIGH

Key Information:

Vendor: Jetbrains
Status: Intellij Idea
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-41882?

In JetBrains IntelliJ IDEA versions prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1, a vulnerability exists that allows attackers to read arbitrary local files through the application's built-in web server. This issue could potentially lead to the exposure of sensitive information stored on the local file system, thereby compromising the security of affected systems.

Affected Version(s)

IntelliJ IDEA 0 < 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 22, 2026

CVE-2026-41882 Data

JSON

Jetbrains

What is CVE-2026-41882?

Affected Version(s)

References

CVSS V3.1

Timeline