Stored XSS Vulnerability in JetBrains TeamCity Affecting Cloud Profile Page
CVE-2026-59794
7.3HIGH
What is CVE-2026-59794?
A stored XSS vulnerability exists in JetBrains TeamCity prior to version 2026.1.2, where malicious agent-reported data could be exploited to inject scripts into the cloud profile page. This could allow an attacker to execute arbitrary scripts in the context of the affected user’s session. Users are encouraged to update to the latest version to mitigate this risk.
Affected Version(s)
TeamCity 0 < 2026.1.2