Stored XSS Vulnerability in JetBrains TeamCity Affects Unauthenticated Agent Registration
CVE-2026-59795
8.1HIGH
What is CVE-2026-59795?
A stored XSS vulnerability exists in JetBrains TeamCity prior to version 2026.1.2, allowing attackers to exploit unauthenticated agent registration. This flaw could enable malicious users to inject harmful scripts stored on the server, which would execute in the browser of users interacting with the compromised application. Proper validation and sanitization of input data are essential for preventing such security breaches.
Affected Version(s)
TeamCity 0 < 2026.1.2