CVE-2026-28195
published 2026-02-25CVE-2026-28195: In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
PriorityP422medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.16%
5.4th percentile
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2025.11.3 | 2025.11.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-67739 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.1
CVE-2025-67739 [LOW] CVE-2025-67739 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67739 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
Source : NVD
## 3.1
Score
Published December 11, 2025
Severity LOW
CNA Score 3.1
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity LOW Has Fix Added at: Dec 12, 2025
Windows Severity LOW Has Fix Added at: Dec 12, 2025
Linux Severity LOW Has Fix Added at: Dec 26, 2025
Windows Severity LOW Has Fix Added at: Dec 26, 2025
## Get a CVE
Wiz
CVE-2025-68163 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.5
CVE-2025-68163 [LOW] CVE-2025-68163 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68163 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
Source : NVD
## 4.8
Score
Published December 16, 2025
Severity MEDIUM
CNA Score 3.5
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity LOW Has Fix Added at: Dec 17, 2025
Windows Severity LOW Has Fix Added at: Dec 17, 2025
Linux Severity MEDIUM Has Fix Added at: Dec 21, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 21, 2025
## Get a CVE risk assessment
Wiz
CVE-2025-68164 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.7
CVE-2025-68164 [LOW] CVE-2025-68164 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68164 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Source : NVD
## 2.7
Score
Published December 16, 2025
Severity LOW
CNA Score 2.7
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity LOW Has Fix Added at: Dec 17, 2025
Windows Severity LOW Has Fix Added at: Dec 17, 2025
Linux Severity LOW Has Fix Added at: Dec 21, 2025
Windows Severity LOW Has Fix Added at: Dec 21, 2025
## Get a CVE risk assess
Wiz
CVE-2026-28195 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-28195 [MEDIUM] CVE-2026-28195 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28195 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
Source : NVD
## 4.3
Score
Published February 25, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Windows Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 03, 2026
Windows Severity MEDIUM Has Fix Adde
Wiz
CVE-2025-68166 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2025-68166 [MEDIUM] CVE-2025-68166 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68166 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
Source : NVD
## 6.1
Score
Published December 16, 2025
Severity MEDIUM
CNA Score 5.4
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.9
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity MEDIUM Has Fix Added at: Dec 17, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 17, 2025
Linux Severity MEDIUM Has Fix Added at: Dec 21, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 21, 2025
## Get a CVE
Wiz
CVE-2025-68165 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2025-68165 [MEDIUM] CVE-2025-68165 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68165 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
Source : NVD
## 6.1
Score
Published December 16, 2025
Severity MEDIUM
CNA Score 5.4
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.9
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity MEDIUM Has Fix Added at: Dec 17, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 17, 2025
Linux Severity MEDIUM Has Fix Added at: Dec 21, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 21, 2025
## Get a CVE risk assessme
Wiz
CVE-2025-67740 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.7
CVE-2025-67740 [LOW] CVE-2025-67740 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67740 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
Source : NVD
## 5.3
Score
Published December 11, 2025
Severity MEDIUM
CNA Score 2.7
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity LOW Has Fix Added at: Dec 12, 2025
Windows Severity LOW Has Fix Added at: Dec 12, 2025
Linux Severity MEDIUM Has Fix Added at: Dec 16, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 16, 2025
## Get a CVE
Wiz
CVE-2026-28194 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-28194 [MEDIUM] CVE-2026-28194 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28194 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
Source : NVD
## 6.1
Score
Published February 25, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Windows Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 03, 2026
Windows Severity MEDIUM Has Fix Added at: Mar 03, 2026
## Get a
Wiz
CVE-2025-67742 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.8
CVE-2025-67742 [LOW] CVE-2025-67742 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67742 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
Source : NVD
## 7.5
Score
Published December 11, 2025
Severity HIGH
CNA Score 3.8
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity LOW Has Fix Added at: Dec 12, 2025
Windows Severity LOW Has Fix Added at: Dec 12, 2025
Linux Severity HIGH Has Fix Added at: Dec 16, 2025
Windows Severity HIGH Has Fix Added at: Dec 16, 2025
## Get a CVE risk assessment
Get a pri
Wiz
CVE-2025-68267 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-68267 [MEDIUM] CVE-2025-68267 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68267 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
Source : NVD
## 6.5
Score
Published December 16, 2025
Severity MEDIUM
CNA Score 6.5
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity MEDIUM Has Fix Added at: Dec 17, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 17, 2025
Linux Severity MEDIUM Has Fix Added at: Dec 21, 2025
Windows Severit
Wiz
CVE-2025-67741 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
CVE-2025-67741 [MEDIUM] CVE-2025-67741 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67741 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
Source : NVD
## 5.4
Score
Published December 11, 2025
Severity MEDIUM
CNA Score 4.6
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 29.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity MEDIUM Has Fix Added at: Dec 12, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 12, 2025
Linux Severity MEDIUM Has Fix Added at: Dec 16, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 16, 2025
## Get a CVE risk assessm
Wiz
CVE-2025-68268 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-68268 [MEDIUM] CVE-2025-68268 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68268 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
Source : NVD
## 6.1
Score
Published December 16, 2025
Severity MEDIUM
CNA Score 5.4
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.9
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity MEDIUM Has Fix Added at: Dec 17, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 17, 2025
Linux Severity MEDIUM Has Fix Added at: Dec 21, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 21, 2025
## Get a CVE
Wiz
CVE-2025-68162 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.7
CVE-2025-68162 [LOW] CVE-2025-68162 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68162 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
Source : NVD
## 2.7
Score
Published December 16, 2025
Severity LOW
CNA Score 2.7
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity LOW Has Fix Added at: Dec 17, 2025
Windows Severity LOW Has Fix Added at: Dec 17, 2025
Linux Severity LOW Has Fix Added at: Dec 21, 2025
Windows Severity LOW Has Fix Added at: Dec 21, 2025
## Get a CVE risk a
Wiz
CVE-2026-28196 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-28196 [MEDIUM] CVE-2026-28196 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28196 :
JetBrains TeamCity vulnerability analysis and mitigation
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
Source : NVD
## 2.3
Score
Published February 25, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
JetBrains TeamCity
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:teamcity
Sources
Linux Severity LOW Has Fix Added at: Mar 02, 2026
Windows Severity LOW Has Fix Added at: Mar 02, 2026
Linux Severity LOW Has Fix Added at: Mar 03, 2026
Windows Severity LOW Has Fix Added at: Mar 03, 2026
## Get a CVE risk asse
2026-02-25
Published