CVE-2026-25846
Access Token Exposure in JetBrains YouTrack Mailbox Logs
Publication date: 2026-02-09
Last updated on: 2026-02-18
Assigner: JetBrains s.r.o.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | youtrack | to 2025.3.119033 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in JetBrains YouTrack versions before 2025.3.119033. It involves the exposure of access tokens within Mailbox logs, which means that sensitive authentication tokens could be recorded and potentially accessed through these logs.
How can this vulnerability impact me? :
The exposure of access tokens in Mailbox logs can lead to unauthorized access to the affected system or services. Since access tokens often grant significant privileges, their exposure could allow attackers to impersonate legitimate users or services, potentially leading to data breaches or unauthorized actions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know