Open Redirect Vulnerability in JetBrains TeamCity SAML Plugin
CVE-2026-49380

3.1LOW

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-49380?

An open redirect vulnerability exists in the SAML plugin of JetBrains TeamCity prior to version 2026.1. This flaw could potentially allow an attacker to redirect users to malicious sites, posing a serious risk to user data and application integrity. Organizations utilizing TeamCity should ensure they are running the latest version to mitigate this security concern.

Affected Version(s)

TeamCity 0 < 2026.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

CVE-2026-49380 Data

JSON

Jetbrains

What is CVE-2026-49380?

Affected Version(s)

References

CVSS V3.1

Timeline