CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

high 7.4 CVSS 3.1

Published: Apr 30, 2026

Modified: Apr 30, 2026

Description

In JetBrains IntelliJ IDEA before 2024.3.7.1,
2025.1.7.1,
2025.2.6.2,
2025.3.4.1,
2026.1.1 reading arbitrary local files was possible via built-in web server

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Version	3.1
Score	7.4 / 10
Severity	high