Command Injection Vulnerability in JetBrains IntelliJ IDEA
CVE-2026-49366

7.8HIGH

Key Information:

Vendor: Jetbrains
Status: Intellij Idea
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-49366?

A command injection vulnerability was discovered in JetBrains IntelliJ IDEA prior to version 2026.1.1 which could be exploited via filename completion. This flaw allows an attacker to inject arbitrary commands, potentially compromising the system by executing harmful code. Users of the affected IntelliJ products are advised to update to the latest version to mitigate these security risks.

Affected Version(s)

IntelliJ IDEA 0 < 2026.1.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

CVE-2026-49366 Data

JSON

Jetbrains

What is CVE-2026-49366?

Affected Version(s)

References

CVSS V3.1

Timeline