CVE-2026-33392
Received
Received - Intake
Sandbox Bypass Enables RCE in JetBrains YouTrack Before
Publication date: 2026-04-17
Last updated on: 2026-04-20
Assigner: JetBrains s.r.o.
Description
Description
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | youtrack | to 2025.3.131383 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in JetBrains YouTrack versions before 2025.3.131383. It allows a high privileged user to achieve remote code execution (RCE) by bypassing the sandbox protections.
How can this vulnerability impact me? :
The vulnerability can have a significant impact as it allows a high privileged user to execute arbitrary code remotely. This can lead to full system compromise, including unauthorized access, data manipulation, and disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70