Description
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
Published: 2026-04-17
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability allows an administrator or other high privileged user to bypass the sandbox and execute arbitrary code on the JetBrains YouTrack server. This leads to a full remote code execution condition for that account, enabling the attacker to take control of the underlying system and compromise confidentiality, integrity, and availability.

Affected Systems

JetBrains YouTrack, versions older than 2025.3.131383 are affected. The product is provided by JetBrains and the issue is tracked in JetBrains’ security advisory list.

Risk and Exploitability

The CVSS score of 7.2 reflects a high‑severity risk. EPSS data is unavailable, but the lack of KEV listing suggests no large–scale public exploitation is known. The vulnerability exploits a privileged sandbox bypass, meaning an attacker must first acquire or compromise a high privileged user account. Consequently, the attack vector is likely internal or via stolen credentials, and the likelihood of exploitation depends on the organization’s privileged access controls and monitoring capabilities.

Generated by OpenCVE AI on April 17, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade JetBrains YouTrack to version 2025.3.131383 or later, which removes the sandbox bypass flaw.
  • Limit high privileged user accounts to the minimum necessary permissions and consider isolating them in a protected subnet.
  • Enable multi‑factor authentication and monitor privileged account activity to detect potential misuse.

Generated by OpenCVE AI on April 17, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Title High Privileged User Remote Code Execution via Sandbox Bypass in JetBrains YouTrack
First Time appeared Jetbrains
Jetbrains youtrack
Vendors & Products Jetbrains
Jetbrains youtrack

Fri, 17 Apr 2026 08:15:00 +0000

Type Values Removed Values Added
Description In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
Weaknesses CWE-1336
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Jetbrains Youtrack
cve-icon MITRE

Status: PUBLISHED

Assigner: JetBrains

Published:

Updated: 2026-04-17T13:11:06.503Z

Reserved: 2026-03-19T12:17:14.827Z

Link: CVE-2026-33392

cve-icon Vulnrichment

Updated: 2026-04-17T13:10:56.931Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-17T08:16:17.877

Modified: 2026-04-17T15:13:15.930

Link: CVE-2026-33392

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T09:30:14Z

Weaknesses