CVE-2026-49385
Received
Received - Intake
Improper Access Control in JetBrains YouTrack
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: JetBrains s.r.o.
Description
Description
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | youtrack | to 2026.1.13570 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in JetBrains YouTrack versions before 2026.1.13570. It involves improper access control that allows users with low privileges to modify service accounts.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing low-privileged users to modify service accounts, which could lead to unauthorized changes or misuse of those accounts. According to the CVSS score, the impact is high on integrity but does not affect confidentiality or availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70