JetBrains: JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

JetBrains Patches High-Severity Privilege Escalation Flaw in TeamCity

JetBrains has addressed a high-severity vulnerability (CVE-2026-44413) in its TeamCity continuous integration and delivery (CI/CD) platform, urging organizations with on-premises or self-managed deployments to upgrade or apply a security patch.

The flaw enables privilege escalation, potentially exposing parts of TeamCity’s REST API to unauthorized users. Compromised endpoints could leak sensitive data, including API tokens, Git credentials, build secrets, passwords, and user details information that could be exploited to access cloud infrastructure or source code repositories.

Exploitation requires access to a TeamCity account, which attackers may obtain through brute force, credential stuffing, or social engineering. Some instances also have "guest access" enabled, allowing unauthenticated logins.

The vulnerability affects TeamCity On-Premises versions 2025.11.4 and earlier, with fixes available in version 2026.1. JetBrains also released a security patch plugin for versions 2017.1 and later. The company noted that instances with open inbound connections beyond standard HTTP/HTTPS ports or where build agents run on the same host as the server are particularly at risk.

TeamCity servers have been frequent targets of cyberattacks, including state-sponsored and financially motivated threat actors exploiting past vulnerabilities (e.g., CVE-2023-42793, CVE-2024-27198). CVE-2026-44413 was privately reported by researcher Martin Orem of Binary House, with no evidence of active exploitation to date.

Source: https://www.helpnetsecurity.com/2026/05/12/jetbrains-teamcity-vulnerability-cve-2026-44413/

JetBrains TPRM report: https://www.rankiteo.com/company/jetbrains

"id": "jet1778597207",
"linkid": "jetbrains",
"type": "Vulnerability",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Software Development',
                        'name': 'JetBrains',
                        'type': 'Company'}],
 'attack_vector': ['Brute Force',
                   'Credential Stuffing',
                   'Social Engineering',
                   'Unauthenticated Guest Access'],
 'customer_advisories': 'JetBrains urges organizations to upgrade or apply the '
                        'security patch to mitigate the vulnerability.',
 'data_breach': {'personally_identifiable_information': 'User details',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['API tokens',
                                              'Git credentials',
                                              'Build secrets',
                                              'Passwords',
                                              'User details']},
 'description': 'JetBrains has addressed a high-severity vulnerability '
                '(CVE-2026-44413) in its TeamCity continuous integration and '
                'delivery (CI/CD) platform, enabling privilege escalation. The '
                'flaw exposes parts of TeamCity’s REST API to unauthorized '
                'users, potentially leaking sensitive data such as API tokens, '
                'Git credentials, build secrets, passwords, and user details. '
                'Exploitation requires access to a TeamCity account, which '
                'attackers may obtain through brute force, credential '
                'stuffing, or social engineering. Some instances also have '
                "'guest access' enabled, allowing unauthenticated logins.",
 'impact': {'data_compromised': ['API tokens',
                                 'Git credentials',
                                 'Build secrets',
                                 'Passwords',
                                 'User details'],
            'operational_impact': 'Potential unauthorized access to cloud '
                                  'infrastructure or source code repositories',
            'systems_affected': 'TeamCity On-Premises (versions 2025.11.4 and '
                                'earlier)'},
 'investigation_status': 'Vulnerability patched; no evidence of active '
                         'exploitation to date',
 'post_incident_analysis': {'corrective_actions': 'Security patch and version '
                                                  'upgrade released',
                            'root_causes': 'Privilege escalation flaw in '
                                           'TeamCity REST API'},
 'recommendations': 'Organizations with on-premises or self-managed TeamCity '
                    'deployments should upgrade to version 2026.1 or apply the '
                    'security patch plugin. Instances with open inbound '
                    'connections beyond standard HTTP/HTTPS ports or where '
                    'build agents run on the same host as the server should be '
                    'prioritized for patching.',
 'references': [{'source': 'Researcher Martin Orem of Binary House'}],
 'response': {'containment_measures': 'Security patch plugin released for '
                                      'versions 2017.1 and later; upgrade to '
                                      'version 2026.1 recommended',
              'remediation_measures': 'Apply security patch or upgrade to '
                                      'fixed version'},
 'title': 'JetBrains Patches High-Severity Privilege Escalation Flaw in '
          'TeamCity',
 'type': 'Privilege Escalation',
 'vulnerability_exploited': 'CVE-2026-44413'}

JetBrains: JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

Unspecified Web Service Provider: Client Challenge

Google: Malicious Chrome MV3 Extension Impersonates TronLink to Steal Crypto Wallet Credentials

Google: PoC Exploit Released for Android Zero-Click Vulnerability that Enables Remote Shell Access