Teamcity

This hub aggregates every CVE we track for Teamcity, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

DevTools & CIon-premdev tool

269

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM186HIGH36LOW30CRITICAL17

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Teamcity.

CVE-2026-49381In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible3.4May 29, 2026
CVE-2026-49380In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible3.1May 29, 2026
CVE-2026-49377In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters4.3May 29, 2026
CVE-2026-49379In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names6.5May 29, 2026
CVE-2026-49378In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion4.3May 29, 2026
CVE-2026-49375In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page6.1May 29, 2026
CVE-2026-49376In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin6.5May 29, 2026
CVE-2026-49374In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters7.6May 29, 2026
CVE-2026-49373In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings7.1May 29, 2026
CVE-2026-49372In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible7.5May 29, 2026
CVE-2026-49371In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible7.1May 29, 2026
CVE-2026-44413In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access8.2May 11, 2026
CVE-2026-28196In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk2.3Feb 25, 2026
CVE-2026-28195In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations4.3Feb 25, 2026
CVE-2026-28194In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow4.3Feb 25, 2026

Product normalization is registry-driven with AI assist and human review. How it works