CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

high 8.7 CVSS 3.1
Published: May 29, 2026
Modified: Jun 1, 2026
Vendor: Jetbrains
Product: Youtrack

Description

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

References

Related CVEs

CVE-2026-49381 low · 3.4
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49382 medium · 4.5
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
CVE-2026-49383 low · 3.3
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-49384 medium · 6.1
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVE-2026-49385 medium · 6.5
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVE-2026-49386 medium · 6.5
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas