Stored XSS Vulnerability in JetBrains TeamCity Affecting Cloud Profile Page
CVE-2026-59794

7.3HIGH

Key Information:

Vendor

Jetbrains

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-59794?

A stored XSS vulnerability exists in JetBrains TeamCity prior to version 2026.1.2, where malicious agent-reported data could be exploited to inject scripts into the cloud profile page. This could allow an attacker to execute arbitrary scripts in the context of the affected user’s session. Users are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

TeamCity 0 < 2026.1.2

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.