cbcvebase.

Jetbrains Teamcity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs
269
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL24HIGH54MEDIUM182LOW9

Vulnerabilities

Page 14 of 14
CVE-2025-57733P4LOWCVSS 3.8fixed in 2025.07.12025-08-20
CVE-2025-57733 [LOW] CWE-77 CVE-2025-57733: In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email co In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
nvd
CVE-2021-25775P4LOWCVSS 3.8fixed in 2020.2.12021-02-03
CVE-2021-25775 [LOW] CVE-2021-25775: In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any o In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
nvd
CVE-2025-67739P4LOWCVSS 3.1fixed in 2025.11.22025-12-11
CVE-2025-67739 [LOW] CWE-939 CVE-2025-67739: In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
nvd
CVE-2025-68164P4LOWCVSS 2.7fixed in 2025.112025-12-16
CVE-2025-68164 [LOW] CWE-203 CVE-2025-68164: In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
nvd
CVE-2025-68162P4LOWCVSS 2.7fixed in 2025.112025-12-16
CVE-2025-68162 [LOW] CWE-829 CVE-2025-68162: In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configura In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
nvd
CVE-2021-31906P4LOWCVSS 2.7fixed in 2020.2.22021-05-11
CVE-2021-31906 [LOW] CVE-2021-31906: In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
nvd
CVE-2026-28196P4LOWCVSS 2.3fixed in 2025.11.32026-02-25
CVE-2026-28196 [LOW] CWE-459 CVE-2026-28196: In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on dis In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
nvd
CVE-2021-26309P4LOWCVSS 3.3fixed in 2020.2.2.858992021-05-11
CVE-2021-26309 [LOW] CWE-668 CVE-2021-26309: Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible becaus Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
nvd
CVE-2020-11686P4LOWCVSS 2.7fixed in 2019.1.42020-04-22
CVE-2020-11686 [LOW] CVE-2020-11686: In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity se In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
nvd
Jetbrains Teamcity vulnerabilities | cvebase