Jetbrains Teamcity
178 CVEs affecting Jetbrains Teamcity. Latest disclosed: 2026-05-29. Critical: 4, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-27198 | Critical | 9.8 | 2024-03-04 | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible |
CVE-2024-23917 | Critical | 9.8 | 2024-02-06 | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible |
CVE-2023-42793 | Critical | 9.8 | 2023-09-19 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible |
CVE-2023-34218 | Critical | 9.1 | 2023-05-31 | In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible |
CVE-2026-44413 | High | 8.2 | 2026-05-11 | In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access |
CVE-2024-36470 | High | 8.1 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases |
CVE-2025-59457 | High | 7.7 | 2025-09-17 | In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows |
CVE-2025-54531 | High | 7.7 | 2025-07-28 | In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows |
CVE-2025-26492 | High | 7.7 | 2025-02-11 | In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources |
CVE-2026-49374 | High | 7.6 | 2026-05-29 | In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters |
CVE-2026-49372 | High | 7.5 | 2026-05-29 | In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible |
CVE-2025-57732 | High | 7.5 | 2025-08-20 | In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership |
CVE-2025-54530 | High | 7.5 | 2025-07-28 | In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions |
CVE-2024-43114 | High | 7.5 | 2024-08-06 | In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions |
CVE-2024-41827 | High | 7.4 | 2024-07-22 | In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration |
CVE-2024-31136 | High | 7.4 | 2024-03-28 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter |
CVE-2024-27199 | High | 7.3 | 2024-03-04 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible |
CVE-2026-49373 | High | 7.1 | 2026-05-29 | In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings |
CVE-2026-49371 | High | 7.1 | 2026-05-29 | In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible |
CVE-2024-36365 | Medium | 6.8 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent |