CVE-2026-56142
Analyzed
Analyzed - Analysis Complete
Privilege Escalation in JetBrains Hub
Vulnerability report for CVE-2026-56142, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-19
Last updated on: 2026-06-26
Assigner: JetBrains s.r.o.
Description
Description
In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 privilege escalation by attaching authentication details to accounts was possible
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | hub | From 2024.2.33606 (inc) to 2024.2.148429 (exc) |
| jetbrains | hub | From 2024.3.44799 (inc) to 2024.3.148430 (exc) |
| jetbrains | hub | From 2025.1.62455 (inc) to 2025.1.148120 (exc) |
| jetbrains | hub | From 2025.2.86069 (inc) to 2025.2.148048 (exc) |
| jetbrains | hub | From 2025.3.104432 (inc) to 2025.3.148033 (exc) |
| jetbrains | hub | From 2026.1.12024 (inc) to 2026.1.13757 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-915 | The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. |