Reflected XSS Vulnerability in JetBrains TeamCity
CVE-2026-49371

7.1HIGH

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-49371?

A reflected cross-site scripting (XSS) vulnerability was identified in JetBrains TeamCity versions prior to 2026.1.1. This weakness allows an attacker to inject malicious scripts into web pages that are viewed by other users. By exploiting this flaw, attackers can manipulate the behavior of the affected application, potentially leading to unauthorized actions or disclosure of sensitive information. Users are advised to update to the latest version to mitigate associated risks.

Affected Version(s)

TeamCity 0 < 2026.1.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

CVE-2026-49371 Data

JSON

Jetbrains

What is CVE-2026-49371?

Affected Version(s)

References

CVSS V3.1

Timeline