CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

high 7.8 CVSS 3.1
Published: May 29, 2026
Modified: Jun 1, 2026
Vendor: Jetbrains
Product: Intellij Idea

Description

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

References

Related CVEs

CVE-2026-49381 low · 3.4
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49382 medium · 4.5
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
CVE-2026-49383 low · 3.3
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-49384 medium · 6.1
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVE-2026-49385 medium · 6.5
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVE-2026-49386 medium · 6.5
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas