Severity by source
CVSS v3.1 vector (NVD): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary rating from NVD; NVD is the only scoring source for this CVE.
Description (CVE.org)
In JetBrains TeamCity before 2026.1, improper permission checks exposed build configuration parameters.
Analysis (AI)
Information disclosure in JetBrains TeamCity prior to version 2026.1 allows authenticated low-privilege users to read sensitive build configuration parameters they should not have access to, because authorization checks are missing. The flaw carries a CVSS 7.6 score, driven by the high confidentiality impact on a network-reachable CI/CD server, though no public exploit had been identified at the time of analysis. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)

| Aspect | Assessment |
| --- | --- |
| Exploitation | An attacker must hold a valid authenticated TeamCity account with at least low-privilege access (PR:L in the CVSS vector), so the server must be reachable to the attacker, who must also possess or obtain working credentials, for example those of a developer, contractor or build-agent service account, or of any SSO/LDAP-provisioned role that grants basic TeamCity login. … |
| Risk Assessment | The CVSS vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L describes a remote, low-complexity attack that requires only low privileges and no user interaction, which is realistic for a multi-tenant CI server where many developers, contractors and service accounts hold basic project-viewer roles. … |
| Exploit Scenario | A contractor or compromised developer account with only a basic project-viewer role on one team's project authenticates to the TeamCity REST API and issues a parameter-enumeration request against a build configuration belonging to a different, higher-privileged project. Because the authorization check is missing, the server returns the parameter values, including deployment credentials and cloud API tokens, which the attacker then uses to pivot into production infrastructure outside TeamCity. … |
| Remediation | Vendor-released patch: TeamCity 2026.1. Upgrade on-premises servers to 2026.1 or later as the primary fix, following the JetBrains upgrade guidance referenced from https://www.jetbrains.com/privacy-security/issues-fixed/. … |
Recommended Action (AI)
Within 24 hours: audit all credentials currently stored in TeamCity build configuration parameters and review access logs for signs of unauthorized disclosure. …
Related JetBrains TeamCity vulnerabilities
- Authentication bypass in JetBrains TeamCity allows remote unauthenticated attackers to gain unauthorized access to serve
- In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab. Rated medi
- In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources. Rated h
- Server-side request forgery in JetBrains TeamCity versions prior to 2026.1 and 2025.11.5 allows remote unauthenticated a
- Reflected cross-site scripting in JetBrains TeamCity before version 2026.1.1 allows remote attackers to execute arbitrar
- Remote code execution in JetBrains TeamCity versions prior to 2026.1 is achievable by authenticated users who can config
- Credential exposure in JetBrains TeamCity before version 2026.1 allows authenticated remote attackers to retrieve sensit
- Insufficient username validation in the SAML plugin of JetBrains TeamCity before 2026.1 allows unauthenticated remote at
- Reflected cross-site scripting on the TeamCity repository download page allows a remote unauthenticated attacker to inje
- In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
- In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
- In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible. Rated medium se
Weakness: CWE-862 – Missing Authorization
Technique: Authentication Bypass
Advisory identifiers
- EUVD-2026-33382
- GHSA-pqrm-v5f6-j44f