Skip to main content

JetBrains TeamCity CVE-2026-49377

| EUVDEUVD-2026-33385 MEDIUM
Cleartext Storage of Sensitive Information in an Environment Variable (CWE-526)
2026-05-29 JetBrains GHSA-pm3g-f677-ppfg
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
May 29, 2026 - 20:02 EUVD
Analysis Generated
May 29, 2026 - 18:58 vuln.today

DescriptionCVE.org

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters

AnalysisAI

Sensitive data exposure in JetBrains TeamCity before 2025.11.2 allows authenticated low-privileged users to read confidential values stored in default build agent parameters. The root cause (CWE-526) indicates that sensitive information - such as API keys, tokens, or credentials - is passed or stored through agent environment/configuration parameters without adequate access restrictions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege TeamCity account
Delivery
Navigate to default agent parameter configuration
Exploit
Read sensitive values stored in cleartext
Execution
Extract credentials or tokens
Impact
Use exfiltrated secrets to access downstream systems

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid TeamCity account with at minimum low-level privileges sufficient to view default agent parameters - confirmed by CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS score of 4.3 (Medium) reflects a constrained but real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated low-privileged TeamCity user - such as a developer with project-level access - navigates to the build agent configuration or parameter settings page and observes default agent parameters that expose sensitive values such as deployment tokens or internal API keys in cleartext. No public exploit code exists for this issue, but the steps are trivially reproducible by any valid user with sufficient UI access. …
Remediation Upgrade JetBrains TeamCity to version 2025.11.2 or later, as this is the vendor-confirmed patched release per the advisory at https://www.jetbrains.com/privacy-security/issues-fixed/. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-44413 HIGH
8.2 May 11

Authentication bypass in JetBrains TeamCity allows remote unauthenticated attackers to gain unauthorized access to serve

CVE-2025-26493 MEDIUM
4.6 Feb 11

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab. Rated medi

CVE-2025-26492 HIGH
7.7 Feb 11

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources. Rated h

CVE-2026-49374 HIGH
7.6 May 29

Information disclosure in JetBrains TeamCity prior to version 2026.1 allows authenticated low-privilege users to read se

CVE-2026-49372 HIGH
7.5 May 29

Server-side request forgery in JetBrains TeamCity versions prior to 2026.1 and 2025.11.5 allows remote unauthenticated a

CVE-2026-49371 HIGH
7.1 May 29

Reflected cross-site scripting in JetBrains TeamCity before version 2026.1.1 allows remote attackers to execute arbitrar

CVE-2026-49373 HIGH
7.1 May 29

Remote code execution in JetBrains TeamCity versions prior to 2026.1 is achievable by authenticated users who can config

CVE-2026-49379 MEDIUM
6.5 May 29

Credential exposure in JetBrains TeamCity before version 2026.1 allows authenticated remote attackers to retrieve sensit

CVE-2026-49376 MEDIUM
6.5 May 29

Insufficient username validation in the SAML plugin of JetBrains TeamCity before 2026.1 allows unauthenticated remote at

CVE-2026-49375 MEDIUM
6.1 May 29

Reflected cross-site scripting on the TeamCity repository download page allows a remote unauthenticated attacker to inje

CVE-2025-52876 MEDIUM
5.4 Jun 23

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

CVE-2025-52875 MEDIUM
5.4 Jun 23

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

Share

CVE-2026-49377 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy