Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Triggered by loading a crafted project, so AV:L and UI:R rather than the NVD's AV:N/UI:N; code execution yields full C/I/A on the victim host.
Primary rating from Vendor (JetBrains).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionNVD
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
AnalysisAI
Code execution via path traversal in JetBrains IntelliJ IDEA before 2026.1.4 and 2026.2 lets an attacker abuse improper sanitization of the project workspace ID to write or reference files outside the intended workspace directory, culminating in arbitrary code execution. The flaw was self-reported by JetBrains and a fix is available; no public exploit has been identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation targets the project workspace ID handling routine, so the concrete prerequisite is that a vulnerable IntelliJ IDEA (before 2026.1.4, or 2026.2) loads a project carrying an attacker-controlled workspace ID with path-traversal content. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The published CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H/I:H/A:H = 9.8) implies fully remote, unauthenticated, no-interaction RCE, but this conflicts with the description, which points to project workspace ID handling - a code path exercised when a project is loaded into the IDE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a project (shared via a repository, ZIP, or sample template) whose workspace ID contains traversal sequences; when a developer opens it in a vulnerable IntelliJ IDEA, the IDE resolves the ID outside the workspace and writes to an attacker-controlled path, dropping or overwriting a file that leads to code execution in the developer's context. No public exploit is known, and the low CVSS attack complexity suggests reliable triggering once a victim opens the crafted project. |
| Remediation | Vendor-released patch: upgrade to IntelliJ IDEA 2026.1.4 or later on the 2026.1 branch, and to the patched 2026.2 build, as published on the JetBrains Security page at https://www.jetbrains.com/privacy-security/issues-fixed/; the JetBrains Toolbox App or in-IDE update channel will deliver these. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all IntelliJ IDEA installations in development environments, determine affected versions (before 2026.1.4), and notify development teams. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Intellij Idea
View allIn JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. Rated
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartex
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to s
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote att
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin,
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads
Command execution in JetBrains IntelliJ IDEA versions prior to 2026.1.1 allows attackers leveraging the guest user accou
Command injection in JetBrains IntelliJ IDEA before 2026.1.1 allows attackers to execute arbitrary OS commands by abusin
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions. Rated high severity (CVS
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. Rated high severity (CVSS 7.8
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. Rated high severity (CVSS 7.8), this v
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42910
GHSA-6f7v-4c46-hrp4