JetBrains has recently addressed several significant security vulnerabilities in its widely-used software development and project management tools, including IntelliJ IDEA, TeamCity, and YouTrack. These updates are crucial for maintaining the integrity and security of development environments.
IntelliJ IDEA Vulnerability Resolved
A critical flaw identified as CVE-2026-59792 was found in IntelliJ IDEA. This vulnerability, related to improper path handling, could allow threat actors to exploit project workspace IDs to perform path traversal. Such a breach might lead to code execution within affected environments. Security researcher Antoni Tremblay brought this issue to light, and it has been rectified in IntelliJ IDEA versions 2026.1.4 and 2026.2.
TeamCity Security Improvements
TeamCity was found to have multiple high-severity vulnerabilities. One of these, CVE-2026-59793, involves arbitrary file access via Perforce VCS integration, reported by @maple3142. Additionally, two cross-site scripting (XSS) vulnerabilities, CVE-2026-59794 and CVE-2026-59795, were discovered. These issues could allow malicious scripts to be executed in user browsers. Both vulnerabilities are addressed in TeamCity version 2026.1.2.
Another issue, CVE-2026-59796, involves unauthorized pipeline modifications due to insufficient authorization checks. Reported by Alwion, this vulnerability could compromise build integrity and software supply chain security. JetBrains has advised users to update to the latest version to prevent exploitation.
YouTrack and Additional Security Measures
YouTrack also had a low-severity vulnerability, CVE-2026-59791, which involves CSS injection through Mermaid diagram rendering. While less severe, this could still alter page presentation, facilitating phishing or deception attacks. The vulnerability has been addressed in YouTrack version 2026.2.17012.
Organizations utilizing these JetBrains products are strongly recommended to upgrade to the latest software versions to mitigate these security risks. Administrators should review TeamCity agent registration settings, conduct audits on recent pipeline changes, and monitor access logs for any suspicious activities.
By addressing these vulnerabilities, JetBrains reaffirms its commitment to providing secure development tools and environments.
