CVE-2026-49381
published 2026-05-29CVE-2026-49381: In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
PriorityP420medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.21%
10.6th percentile
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2026.1 | 2026.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
JetBrains TeamCity up to 2026.0 cross site scripting
vuldb·2026-05-29·CVSS 3.4
CVE-2026-49381 [LOW] JetBrains TeamCity up to 2026.0 cross site scripting
A vulnerability has been found in JetBrains TeamCity up to 2026.0 and classified as problematic. The impacted element is an unknown function. This manipulation causes cross site scripting.
This vulnerability appears as CVE-2026-49381. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
GHSA
GHSA-mhr7-j6qx-58mw: In JetBrains TeamCity before 2026
ghsa_unreviewed·2026-05-29
CVE-2026-49381 [LOW] CWE-79 GHSA-mhr7-j6qx-58mw: In JetBrains TeamCity before 2026
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-29
Published