Skip to main content

Teamcity CVE-2026-28196

LOW
Incomplete Cleanup (CWE-459)
2026-02-25 cve@jetbrains.com
2.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.3 LOW
AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 25, 2026 - 14:16 nvd
LOW 2.3

DescriptionCVE.org

In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk

AnalysisAI

In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk [CVSS 2.3 LOW]

Technical ContextAI

Classified as CWE-459 (Incomplete Cleanup). Affects Teamcity. In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk

RemediationAI

Monitor vendor advisories for a patch.

CVE-2024-27198 CRITICAL POC
9.8 Mar 04

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible. Rated criti

CVE-2023-42793 CRITICAL POC
9.8 Sep 19

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible. Rated criti

CVE-2024-23917 CRITICAL POC
9.8 Feb 06

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible. Rated critical severity (CVSS

CVE-2024-41827 CRITICAL
9.8 Jul 22

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration. Rated critical s

CVE-2024-36470 CRITICAL
9.8 May 29

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific e

CVE-2023-34218 CRITICAL
9.8 May 31

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible. Rated c

CVE-2022-25263 CRITICAL
9.8 Feb 25

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. Rated

CVE-2022-24340 CRITICAL
9.8 Feb 25

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. Rated critical sev

CVE-2022-24331 CRITICAL
9.8 Feb 25

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. Rated critical severity (CVSS 9

CVE-2021-43202 CRITICAL
9.8 Nov 30

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. Rated critical severity (CVS

CVE-2021-43200 CRITICAL
9.8 Nov 09

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. Rated critic

CVE-2021-43193 CRITICAL
9.8 Nov 09

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. Rated critica

Share

CVE-2026-28196 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy