CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

low 3.3 CVSS 3.1
Published: May 29, 2026
Modified: Jun 1, 2026
Vendor: Jetbrains
Product: Intellij Idea

Description

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

References

Related CVEs

CVE-2026-49381 low · 3.4
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49382 medium · 4.5
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
CVE-2026-49384 medium · 6.1
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVE-2026-49385 medium · 6.5
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVE-2026-49386 medium · 6.5
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
CVE-2026-49372 high · 7.5
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible