CVE-2026-49367
Command Execution via Guest Account in JetBrains IntelliJ IDEA
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: JetBrains s.r.o.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | intellij_idea | to 2026.1.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in JetBrains IntelliJ IDEA versions before 2026.1.1. It allows command execution through the guest user account, meaning that an attacker with access to the guest account could execute arbitrary commands on the affected system.
How can this vulnerability impact me? :
The vulnerability can have a severe impact as it allows an attacker to execute commands with high confidentiality, integrity, and availability impact. This means an attacker could potentially take control of the system, access sensitive data, modify or delete information, and disrupt system operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update JetBrains IntelliJ IDEA to version 2026.1.1 or later, as the issue allowing command execution via the guest user account is fixed in that release.