CVE-2026-44413
published 2026-05-11CVE-2026-44413: In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access
PriorityP347high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.26%
17.0th percentile
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2026.1 2025.11.5 | 2026.1 2025.11.5 |
| jetbrains | teamcity | < 2025.11.5 | 2025.11.5 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f2hf-494q-j864: In JetBrains TeamCity before 2026
ghsa_unreviewed·2026-05-11
CVE-2026-44413 [HIGH] CWE-306 GHSA-f2hf-494q-j864: In JetBrains TeamCity before 2026
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
VulDB
JetBrains TeamCity up to 2025.11.3 missing authentication
vuldb·2026-05-11·CVSS 8.2
CVE-2026-44413 [HIGH] JetBrains TeamCity up to 2025.11.3 missing authentication
A vulnerability classified as critical was found in JetBrains TeamCity. Affected by this issue is some unknown functionality. Such manipulation leads to missing authentication.
This vulnerability is documented as CVE-2026-44413. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
No detection rules found.
No public exploits indexed.
2026-05-11
Published