CVE-2026-41153
Awaiting Analysis
Awaiting Analysis - Queue
Command Injection in JetBrains Junie via Malicious Project File
Publication date: 2026-04-17
Last updated on: 2026-04-27
Assigner: JetBrains s.r.o.
Description
Description
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | junie | to 252.549.29 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in JetBrains Junie versions before 252.549.29, where an attacker can execute commands by using a malicious project file.
How can this vulnerability impact me? :
The vulnerability allows an attacker to execute commands on the affected system with limited privileges, potentially leading to high confidentiality impact, low integrity impact, and low availability impact.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70