CVE-2026-56141
published 2026-06-19CVE-2026-56141: In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes…
PriorityP352critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.36%
28.4th percentile
In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 account takeover via predictable restore codes was possible
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | hub | < 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 | 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 |
| jetbrains | hub | >= 2024.2.33606 < 2024.2.148429 | 2024.2.148429 |
| jetbrains | hub | >= 2024.3.44799 < 2024.3.148430 | 2024.3.148430 |
| jetbrains | hub | >= 2025.1.62455 < 2025.1.148120 | 2025.1.148120 |
| jetbrains | hub | >= 2025.2.86069 < 2025.2.148048 | 2025.2.148048 |
| jetbrains | hub | >= 2025.3.104432 < 2025.3.148033 | 2025.3.148033 |
| jetbrains | hub | >= 2026.1.12024 < 2026.1.13757 | 2026.1.13757 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-19
Published