9.9

CVE-2026-56142

Medienbericht
In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 privilege escalation by attaching authentication details to accounts was possible
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JetBrainsHub Version >= 2024.2.33606 < 2024.2.148429
JetBrainsHub Version >= 2024.3.44799 < 2024.3.148430
JetBrainsHub Version >= 2025.1.62455 < 2025.1.148120
JetBrainsHub Version >= 2025.2.86069 < 2025.2.148048
JetBrainsHub Version >= 2025.3.104432 < 2025.3.148033
JetBrainsHub Version >= 2026.1.12024 < 2026.1.13757
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.34
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@jetbrains.com 9.9 3.1 6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
06.07.2026 15:32
https://www.jetbrains.com/privacy-security/issues-fixed/
Vendor Advisory