CVE-2026-33392

Published: Apr 17, 2026 Last Modified: Apr 17, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass

1336

Improper Neutralization of Special Elements Used in a Template Engine

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: Interpreted, Java, JavaScript, PHP, Python
Technologies: AI/ML, Client Server, Not Technology-Specific
View CWE Details
https://www.jetbrains.com/privacy-security/issues-fixed/
https://www.jetbrains.com/privacy-security/issues-fixed/