CVE-2026-49380
published 2026-05-29CVE-2026-49380: In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
PriorityP423medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.16%
6.0th percentile
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2026.1 | 2026.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wcfj-vvvg-4x96: In JetBrains TeamCity before 2026
ghsa_unreviewed·2026-05-29
CVE-2026-49380 [LOW] CWE-601 GHSA-wcfj-vvvg-4x96: In JetBrains TeamCity before 2026
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
VulDB
JetBrains TeamCity up to 2026.0 redirect
vuldb·2026-05-29·CVSS 3.1
CVE-2026-49380 [LOW] JetBrains TeamCity up to 2026.0 redirect
A vulnerability, which was classified as problematic, was found in JetBrains TeamCity up to 2026.0. The affected element is an unknown function. The manipulation results in open redirect.
This vulnerability is reported as CVE-2026-49380. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-29
Published