Intellij idea

This hub aggregates every CVE we track for Intellij idea. Use it to gauge the current risk picture and drill into individual advisories.

other

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM27HIGH16LOW12CRITICAL7

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Intellij idea.

CVE-2026-49383In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible3.3May 29, 2026
CVE-2026-49382In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin4.5May 29, 2026
CVE-2026-49367In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account8.0May 29, 2026
CVE-2026-49366In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion7.8May 29, 2026
CVE-2026-41882In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server7.4Apr 30, 2026
CVE-2025-68269In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH5.4Dec 16, 2025
CVE-2025-57730In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature5.2Aug 20, 2025
CVE-2025-57729In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start6.5Aug 20, 2025
CVE-2025-57727In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference4.7Aug 20, 2025
CVE-2025-57728In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files6.5Aug 20, 2025
CVE-2025-32054In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file3.3Apr 3, 2025
CVE-2024-46970In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible3.3Sep 16, 2024
CVE-2024-37051GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLi...9.3Jun 10, 2024
CVE-2024-24941In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL6.1Feb 6, 2024
CVE-2024-24940In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives2.8Feb 6, 2024

Product normalization is registry-driven with AI assist and human review. How it works