1108 matches found
CVE-2026-57921
In JetBrains YouTrack prior to version 2026.2.16593, an improper access control flaw in the comment templates endpoint allowed reading users’ private data. Affected component: YouTrack server-side access control for comment templates; root cause is insufficient restrictions on who can retrieve te...
CVE-2026-57921
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...
CVE-2026-57922
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...
CVE-2026-57921
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...
PT-2026-52705
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows unauthorized reading of saved queries and tags. Recommendations Update to version 2026.2.16593...
PT-2026-52706
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The websandbox bridge is susceptible to prototype pollution, a condition where an attacker can manipulate the prototype of a JavaScript object to inject properties or change the...
PT-2026-52703
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper authorization in the app configurations endpoint allows for the modification of project settings. Recommendations Update JetBrains YouTrack to version 2026.2.16593 or later...
PT-2026-52702
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description An issue exists that allows the disclosure of project settings via the MCP. Recommendations Update to version 2026.2.16593...
PT-2026-52704
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The default role configuration allows for the exposure of excessive user profile details. Recommendations Update to version 2026.2.16593...
PT-2026-52701
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows the unauthorized reading of private user data through the comment templates endpoint. Recommendations Update to version 2026.2.16593...
JetBrains YouTrack < 2024.2.148429 / < 2024.3.148430 / < 2025.1.148120 / < 2025.2.148048 / < 2025.3.148033 / < 2026.1.13757 Authentication Bypass (CVE-2026-50242)
The version of JetBrains YouTrack installed on the remote host is prior to 2024.2.148429, 2024.3.x prior to 2024.3.148430, 2025.1.x prior to 2025.1.148120, 2025.2.x prior to 2025.2.148048, 2025.3.x prior to 2025.3.148033, or 2026.1.x prior to 2026.1.13757. It is, therefore, affected by an...
CVE-2026-49370
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests...
CVE-2026-49385
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...
CVE-2026-49369
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...
CVE-2026-49386
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...
CVE-2026-49368
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...
CVE-2026-33392
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass...
CVE-2026-49385
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...
CVE-2026-49386
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...
CVE-2026-49369
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...