Stored XSS Vulnerability in JetBrains TeamCity Affects Unauthenticated Agent Registration
CVE-2026-59795

8.1HIGH

Key Information:

Vendor

Jetbrains

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-59795?

A stored XSS vulnerability exists in JetBrains TeamCity prior to version 2026.1.2, allowing attackers to exploit unauthenticated agent registration. This flaw could enable malicious users to inject harmful scripts stored on the server, which would execute in the browser of users interacting with the compromised application. Proper validation and sanitization of input data are essential for preventing such security breaches.

Affected Version(s)

TeamCity 0 < 2026.1.2

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.