Stored XSS Vulnerability in JetBrains YouTrack Notification Templates
CVE-2026-49368

8.7HIGH

Key Information:

Vendor: Jetbrains
Status: Youtrack
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-49368?

A stored XSS vulnerability has been identified in JetBrains YouTrack, specifically affecting the project notification templates. This issue allows an attacker to inject malicious scripts that could be executed when users view the notifications. The vulnerability is present in all versions of YouTrack prior to 2026.1.13162, necessitating immediate update for users to enhance their security posture.

Affected Version(s)

YouTrack 0 < 2026.1.13162

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

CVE-2026-49368 Data

JSON

Jetbrains

What is CVE-2026-49368?

Affected Version(s)

References

CVSS V3.1

Timeline