CVE-2026-49375
published 2026-05-29CVE-2026-49375: In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
PriorityP426medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.21%
11.8th percentile
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2026.1, 2025.11.5 | 2026.1, 2025.11.5 |
| jetbrains | teamcity | < 2025.11.5 | 2025.11.5 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
JetBrains TeamCity prior 2026.1/ 2025.11.5 cross site scripting
vuldb·2026-05-29·CVSS 6.1
CVE-2026-49375 [MEDIUM] JetBrains TeamCity prior 2026.1/ 2025.11.5 cross site scripting
A vulnerability classified as problematic was found in JetBrains TeamCity. This issue affects some unknown processing. Executing a manipulation can lead to cross site scripting.
This vulnerability is registered as CVE-2026-49375. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is advised.
GHSA
GHSA-f325-w28m-vh67: In JetBrains TeamCity before 2026
ghsa_unreviewed·2026-05-29
CVE-2026-49375 [MEDIUM] CWE-79 GHSA-f325-w28m-vh67: In JetBrains TeamCity before 2026
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-29
Published