Information Disclosure in JetBrains YouTrack Affects User and Group Pages
CVE-2026-49369

4.3MEDIUM

Key Information:

Vendor

Jetbrains
Status
Youtrack
Vendor
CVE Published:
29 May 2026

What is CVE-2026-49369?

In JetBrains YouTrack prior to version 2026.1.13162, an information disclosure vulnerability exists that affects the Users and Groups pages. This flaw could potentially expose sensitive user information, allowing unauthorized entities to view data that should remain confidential.

Affected Version(s)

YouTrack 0 < 2026.1.13162

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.