CVE-2026-49373

Published: Mag 29, 2026 Last Modified: Mag 29, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: low
Availability: none

Description

AI Translation Available

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Other
Potential Impacts:
Execute Unauthorized Code Or Commands Alter Execution Logic Read Application Data Modify Application Data
Applicable Platforms
Languages: Not Language-Specific, PHP
View CWE Details
https://www.jetbrains.com/privacy-security/issues-fixed/
https://www.jetbrains.com/privacy-security/issues-fixed/