CVE-2026-49378
Received
Received - Intake
Credentials Exposure via Autocompletion in JetBrains TeamCity
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: JetBrains s.r.o.
Description
Description
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | teamcity | to 2026.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in JetBrains TeamCity versions before 2026.1, where credential parameters were exposed through the parameter autocompletion feature.
How can this vulnerability impact me? :
The exposure of credential parameters via autocompletion can lead to unauthorized disclosure of sensitive information, potentially allowing attackers or unauthorized users to access credentials that should remain confidential.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70