CVE-2026-49371
published 2026-05-29CVE-2026-49371: In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
PriorityP336high8.2CVSS 3.1
AVNACLPRNUIRSCCHILAN
EPSS
0.25%
16.4th percentile
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2026.1.1 | 2026.1.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jjhv-75hw-cg7g: In JetBrains TeamCity before 2026
ghsa_unreviewed·2026-05-29
CVE-2026-49371 [HIGH] CWE-79 GHSA-jjhv-75hw-cg7g: In JetBrains TeamCity before 2026
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
VulDB
JetBrains TeamCity up to 2026.1.0 cross site scripting
vuldb·2026-05-29·CVSS 7.1
CVE-2026-49371 [HIGH] JetBrains TeamCity up to 2026.1.0 cross site scripting
A vulnerability classified as problematic has been found in JetBrains TeamCity up to 2026.1.0. This vulnerability affects unknown code. Performing a manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2026-49371. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-29
Published