Jetbrains Hub

13 CVEs affecting Jetbrains Hub. Latest disclosed: 2026-03-11. Critical: 1, High: 0.

Top CVEs affecting Jetbrains Hub
CVE	Severity	Score	Published	Summary
`CVE-2026-25848`	Critical	`9.1`	2026-02-09	In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
`CVE-2026-32229`	Medium	`6.8`	2026-03-11	In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
`CVE-2025-24456`	Medium	`6.7`	2025-01-21	In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
`CVE-2022-29811`	Medium	`6.1`	2022-04-28	In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
`CVE-2025-64683`	Medium	`5.3`	2025-11-10	In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
`CVE-2022-48429`	Medium	`4.6`	2023-03-27	In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
`CVE-2024-50573`	Medium	`4.3`	2024-10-28	In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
`CVE-2022-48477`	Medium	`4.1`	2023-04-24	In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
`CVE-2024-38507`	Low	`3.5`	2024-06-18	In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
`CVE-2022-45471`	Low	`3.5`	2022-11-18	In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
`CVE-2022-34894`	Low	`3.5`	2022-07-01	In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
`CVE-2025-64682`	Low	`2.7`	2025-11-10	In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
`CVE-2025-64681`	Low	`2.7`	2025-11-10	In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations