Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
AnalysisAI
Insufficient username validation in the SAML plugin of JetBrains TeamCity before 2026.1 allows unauthenticated remote attackers to bypass authentication controls and gain unauthorized access to CI/CD resources. The flaw (CWE-863, Incorrect Authorization) permits manipulation of the username field within SAML assertions, potentially enabling impersonation of legitimate users and unauthorized read/write access to build configurations and pipeline data. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the SAML SSO plugin to be enabled and actively configured in the TeamCity instance - this is not the default authentication mode and must be explicitly set up by administrators. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.5 (Medium) score is underpinned by a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - network-accessible, low complexity, requiring no privileges or user interaction, with partial confidentiality and integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to a TeamCity instance configured with SAML SSO crafts a SAML assertion containing a manipulated username attribute - either by acting as a rogue IdP trusted by the target or by intercepting and modifying an IdP response. TeamCity's SAML plugin fails to sufficiently validate the username, accepting the assertion and granting the attacker access as the impersonated user, potentially a project administrator with access to build pipelines, secrets, and source integrations. … |
| Remediation | Upgrade JetBrains TeamCity to version 2026.1 or later, which resolves the insufficient username validation in the SAML plugin. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Authentication bypass in JetBrains TeamCity allows remote unauthenticated attackers to gain unauthorized access to serve
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab. Rated medi
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources. Rated h
Information disclosure in JetBrains TeamCity prior to version 2026.1 allows authenticated low-privilege users to read se
Server-side request forgery in JetBrains TeamCity versions prior to 2026.1 and 2025.11.5 allows remote unauthenticated a
Reflected cross-site scripting in JetBrains TeamCity before version 2026.1.1 allows remote attackers to execute arbitrar
Remote code execution in JetBrains TeamCity versions prior to 2026.1 is achievable by authenticated users who can config
Credential exposure in JetBrains TeamCity before version 2026.1 allows authenticated remote attackers to retrieve sensit
Reflected cross-site scripting on the TeamCity repository download page allows a remote unauthenticated attacker to inje
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible. Rated medium se
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33384
GHSA-qhvc-3ggx-6rj7