📦

teamcity

Vendor: jetbrains

Actively Exploited 3 CISA KEV List

PoC / Exploits 6 Code Available

Total RCEs 15 Remote Access

Total CVEs 327 Total Indexed

Avg. EPSS 4.02% Exploit Prob.

Latest CVE CVE-2026-49381 May 29

Security Vulnerability Index

Page 1 / 33

3.4 CVSS

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

EPSS: 0.03%

Severity: LOW

May 29, 2026

3.1 CVSS

CVE-2026-49380

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

EPSS: 0.00%

Severity: LOW

May 29, 2026

6.5 CVSS

CVE-2026-49379

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

EPSS: 0.00%

Severity: MEDIUM

May 29, 2026

4.3 CVSS

CVE-2026-49378

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

EPSS: 0.00%

Severity: MEDIUM

May 29, 2026

4.3 CVSS

CVE-2026-49377

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters

EPSS: 0.00%

Severity: MEDIUM

May 29, 2026

6.5 CVSS

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

EPSS: 0.01%

Severity: MEDIUM

May 29, 2026

6.1 CVSS

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page

EPSS: 0.11%

Severity: MEDIUM

May 29, 2026

7.6 CVSS

CVE-2026-49374

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

EPSS: 0.00%

Severity: HIGH

May 29, 2026

7.1 CVSS

CVE-2026-49373

RCE

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

EPSS: 0.02%

Severity: HIGH

May 29, 2026

7.5 CVSS

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

EPSS: 0.00%

Severity: HIGH

May 29, 2026

Displaying 10 of 327 Total Entries

1 2 3 4 5 ... 33

Total 33 Sections