Severity by source
Primary rating from Vendor (JetBrains): AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable account function with low complexity and no UI, but requires an existing low-privilege account (PR:L); successful account takeover yields total impact (C/I/A:H).
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429, privilege escalation by attaching authentication details to accounts was possible.
Analysis (AI)
Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429) allows an authenticated attacker to attach additional authentication details to existing accounts, enabling unauthorized access and elevation of privileges. The flaw, self-reported by JetBrains and patched, carries a CVSS base score of 8.8 with high impact to confidentiality, integrity, and availability; no public exploit was identified at the time of analysis, and the EPSS exploitation probability is low (0.41%).
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the attacker to already possess a valid authenticated JetBrains Hub account (CVSS PR:L), reachable over the network (AV:N), with no user interaction and low attack complexity. … |
| Risk Assessment | Signals are moderately consistent and point to a real but not emergency-grade priority. … |
| Exploit Scenario | An attacker with a low-privilege but valid JetBrains Hub account sends a crafted account-management request that attaches their own authentication details (e.g., an additional login credential or identity binding) to a higher-privilege target account, then authenticates as that account to gain its access across Hub-integrated tools. Given AV:N/AC:L, this requires only network reachability to Hub and no user interaction, though it depends on the attacker first holding any authenticated session; no public POC is identified at time of analysis. |
| Remediation | Vendor-released patch: upgrade JetBrains Hub to the fixed build for your release line, i.e. 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, or 2024.2.148429 (or later), per the JetBrains fixed-issues advisory at https://www.jetbrains.com/privacy-security/issues-fixed/. … |
Recommended Action (AI)
Within 24 hours: Inventory all JetBrains Hub deployments and confirm current versions. …
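The "confirm current versions" step above, as an added example (not part of this page or of any JetBrains tooling): it parses Hub's `YYYY.N.BUILD` version strings and compares the build against the fixed build for that release line, because build numbers are not comparable across lines (2026.1.13757 is numerically lower than 2025.3.148033, yet both are fixed). The inventory dict, the `triage` helper and the handling of release lines the advisory does not list are assumptions.

```python
import re

# Fixed builds per release line, taken from the NVD description on this page.
FIXED_BUILDS = {
    (2026, 1): 13757,
    (2025, 3): 148033,
    (2025, 2): 148048,
    (2025, 1): 148120,
    (2024, 3): 148430,
    (2024, 2): 148429,
}

VERSION_RE = re.compile(r"^(\d{4})\.(\d+)\.(\d+)$")


def parse_hub_version(version: str) -> tuple[int, int, int]:
    """Split 'YYYY.N.BUILD' into (year, minor, build); reject anything else."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Hub version string: {version!r}")
    year, minor, build = (int(x) for x in m.groups())
    return year, minor, build


def hub_version_status(version: str) -> str:
    """Classify one Hub version as 'fixed', 'vulnerable' or 'unsupported'.

    Comparison is done per release line: a build is fixed only if it is at or
    above the fixed build listed for its own line.
    """
    year, minor, build = parse_hub_version(version)
    line = (year, minor)
    if line in FIXED_BUILDS:
        return "fixed" if build >= FIXED_BUILDS[line] else "vulnerable"
    if line > max(FIXED_BUILDS):
        # Assumption: lines newer than 2026.1 shipped after the fix.
        return "fixed"
    # Assumption: lines older than 2024.2 have no fixed build listed; treat as exposed.
    return "unsupported"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map {host: version} to {host: status}; unparsable versions become 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = hub_version_status(version)
        except ValueError:
            result[host] = "unknown"
    return result
```

Hosts reported as `vulnerable`, `unsupported` or `unknown` are the ones to upgrade or inspect first.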
Related identifiers
- EUVD-2026-38007
- GHSA-v6fr-2xp3-xpr7