Youtrack

This hub aggregates every CVE we track for Youtrack, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

DevTools & CIon-premdesktop app

108

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM68HIGH25CRITICAL8LOW7

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Youtrack.

CVE-2026-49386In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas6.5May 29, 2026
CVE-2026-49385In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts6.5May 29, 2026
CVE-2026-49370In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests3.4May 29, 2026
CVE-2026-49369In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages4.3May 29, 2026
CVE-2026-49368In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible8.7May 29, 2026
CVE-2026-33392In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass7.2Apr 17, 2026
CVE-2026-28193In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint8.8Feb 25, 2026
CVE-2026-25846In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs6.5Feb 9, 2026
CVE-2025-64773In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit2.7Nov 11, 2025
CVE-2025-64685In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure8.1Nov 10, 2025
CVE-2025-64684In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form4.3Nov 10, 2025
CVE-2025-57731In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content8.7Aug 20, 2025
CVE-2025-54527In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions6.1Jul 28, 2025
CVE-2025-53959In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible7.6Jul 15, 2025
CVE-2025-47850In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning4.3May 20, 2025

Product normalization is registry-driven with AI assist and human review. How it works