Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The description ties the bypass to 'direct database access', a privileged prerequisite, which argues for PR:H rather than the vendor's PR:N; once that prerequisite is met, attack complexity is low and impact is total (C:H/I:H/A:H).
Primary rating from Vendor (JetBrains).
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible.
Analysis (AI)
An authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other JetBrains tools) lets an actor who has direct access to Hub's backend database obtain administrative access in Hub, per JetBrains' own advisory. Classified under CWE-306 (Missing Authentication for a Critical Function) and vendor-scored CVSS 9.8, it affects all builds before the fixed 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429 releases. …
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Area | Assessment |
|---|---|
| Exploitation | The CVE description names the mechanism: the bypass occurs 'via direct database access', so the concrete prerequisite is the ability to reach and interact with JetBrains Hub's backend database directly, which then yields administrative access. … |
| Risk Assessment | The severity signals conflict (a vendor CVSS of 9.8 with PR:N against a prerequisite, direct database access, that argues for PR:H), and that conflict is the headline. … |
| Exploit Scenario | An attacker who can reach JetBrains Hub's backend database (via a misconfigured or exposed database port, a foothold on an adjacent internal host, or reused DB credentials) leverages the missing authentication check to assert an administrative identity in Hub without a valid login. With admin control of the identity hub, they create or escalate accounts and pivot into the products that authenticate through Hub, such as TeamCity and YouTrack. … |
| Remediation | Apply the vendor-released patch by upgrading JetBrains Hub to the fixed build on your release line: 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, or 2024.2.148429 (whichever matches your major version); details are on JetBrains' fixed-issues page at https://www.jetbrains.com/privacy-security/issues-fixed/. … |
Recommended Action (AI)
24 hours: Identify and inventory all JetBrains Hub instances; determine current versions and flag any systems running versions prior to 2024.2.148429, 2024.3.148430, 2025.1.148120, 2025.2.148048, 2025.3.148033, or 2026.1.13757. …
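The 24-hour inventory step above amounts to comparing each Hub instance's version against the fixed build for its release line. The following Python is an added example, not tooling from vuln.today or JetBrains, that performs that comparison over a version inventory. The hostnames and versions in SAMPLE_INVENTORY are constructed, and two rules are assumptions not stated on the page: release lines older than 2024.2, for which no fixed build is listed, are treated as vulnerable, and release lines newer than 2026.1 are flagged for manual checking rather than assumed safe.

```python
# Added example (not from vuln.today or JetBrains): classify JetBrains Hub
# version strings against the fixed builds listed in the advisory text.
import re
from typing import Dict, Tuple

# Fixed build per release line, taken from the description on this page.
FIXED_BUILDS: Dict[Tuple[int, int], int] = {
    (2024, 2): 148429,
    (2024, 3): 148430,
    (2025, 1): 148120,
    (2025, 2): 148048,
    (2025, 3): 148033,
    (2026, 1): 13757,
}

# Hub versions on the page have the shape YEAR.RELEASE.BUILD.
VERSION_RE = re.compile(r"^(\d{4})\.(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'YYYY.N.BUILD' into (year, release, build); raise ValueError otherwise."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Hub version string: {version!r}")
    year, release, build = (int(x) for x in m.groups())
    return year, release, build


def triage(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-line' for one Hub version.

    A build below its line's fixed build is vulnerable (advisory text).
    Assumptions not stated on the page: lines older than the oldest fixed
    line (2024.2) have no fixed build and are treated as vulnerable; lines
    newer than 2026.1 are not covered by the advisory and need a manual check.
    """
    year, release, build = parse_version(version)
    line = (year, release)
    if line in FIXED_BUILDS:
        return "vulnerable" if build < FIXED_BUILDS[line] else "patched"
    if line < min(FIXED_BUILDS):
        return "vulnerable"      # assumption: no fixed build exists for this line
    return "unknown-line"        # assumption: newer than the advisory covers


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> version into host -> triage result; bad strings become 'unparseable'."""
    results: Dict[str, str] = {}
    for host, version in inventory.items():
        try:
            results[host] = triage(version)
        except ValueError:
            results[host] = "unparseable"
    return results


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "hub-prod.example.internal": "2025.2.147900",     # below 2025.2.148048
    "hub-staging.example.internal": "2025.2.148048",  # exactly the fixed build
    "hub-legacy.example.internal": "2024.1.90000",    # older than any fixed line
    "hub-new.example.internal": "2026.2.1000",        # newer than the advisory covers
    "hub-broken.example.internal": "2025.2",          # no build component
}

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:32} {result}")
```

Feed it the output of whatever your inventory source reports as the Hub version string; anything that does not parse is reported as unparseable rather than silently skipped, so a malformed entry still surfaces for review.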
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-leve
Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.
Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF fi
JetBrains Hub before 2025.3.119807 has an authentication bypass allowing administrative actions without proper credentia
Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024
JetBrains Hub versions prior to 2026.1 contain an authentication bypass vulnerability where attackers with valid credent
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API. Rated medium severity (CVSS
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit. Rated low severity (CVSS
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations. Rated low sever
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping. Rated medium sev
Same technique: Authentication Bypass
External POC / Exploit Code
EUVD-2026-38008
GHSA-xqpc-xqhc-3crx