
JetBrains Hub: EUVD-2026-38006

CVE-2026-56141 CRITICAL
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-06-19 JetBrains GHSA-cq2r-w6jr-x35w
9.8 CVSS 3.1 · Vendor: JetBrains

Severity by source

Vendor (JetBrains), primary: 9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vuln.today AI: 8.1 HIGH

Network-reachable recovery flow with no auth or UI, but predicting a restore code within its validity window is non-trivial, so AC:H; full account takeover yields C/I/A:H.

CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (JetBrains).

CVSS Vector (Vendor: JetBrains)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 19, 2026 - 14:31 (EUVD)
Analysis Generated: Jun 19, 2026 - 13:00 (vuln.today)
CVE Published: Jun 19, 2026 - 11:49 (cve.org)

Description (CVE.org)

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible.

Analysis (AI)

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429. Remote unauthenticated attackers can guess or predict the restore codes used for account recovery, enabling them to seize control of arbitrary user accounts. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Identify exposed JetBrains Hub instance
Delivery: Enumerate target username or email
Exploit: Trigger account restore code generation
Install: Predict restore code via weak PRNG
C2: Submit predicted code to recovery endpoint
Execute: Hijack target account session
Impact: Pivot to connected TeamCity/YouTrack resources

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the JetBrains Hub account-recovery (restore code) workflow be reachable by the attacker and that a restore code be generated for a target account - either by the attacker initiating the recovery flow against a known username/email, or by intercepting a legitimate recovery in progress. …

Risk Assessment: The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H portrays this as a remote, unauthenticated, low-complexity attack with full CIA impact - a profile that typically warrants top-priority remediation, especially given Hub's role as an SSO/identity broker. …

Exploit Scenario: An attacker enumerates valid usernames on an internet-exposed JetBrains Hub instance, triggers the account recovery (restore code) flow for a target administrator, and then predicts or guesses the restore code values based on the weak PRNG seeding or limited entropy. Submitting the predicted code via the standard password-reset endpoint yields a session for the targeted account, after which the attacker uses Hub's federation to pivot into TeamCity, YouTrack, or other connected JetBrains services.

Remediation: Vendor-released patch: upgrade JetBrains Hub to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, or 2024.2.148429 depending on the maintenance branch in use, per https://www.jetbrains.com/privacy-security/issues-fixed/. …

Recommended Action (AI)

24 hours: Inventory all JetBrains Hub instances and document current versions; enable audit logging for all account recovery attempts; implement network-level access restrictions to Hub administrative interfaces. …

