Description
In JetBrains IntelliJ IDEA before 2026.1.1, command execution was possible via the guest user account.
Published: 2026-05-29
Score: 8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can execute arbitrary commands through the guest user account in JetBrains IntelliJ IDEA. The vulnerability arises from missing authorization (CWE-862), which allows the guest user to run system commands. Successful exploitation can lead to full compromise of the system running the IDE and manipulation of build or deployment artifacts.

Affected Systems

JetBrains IntelliJ IDEA prior to version 2026.1.1 is affected. Any installation of IntelliJ IDEA that includes the guest user account and does not apply the 2026.1.1 update is vulnerable.

Risk and Exploitability

The CVSS 3.1 score of 8 indicates high severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting a moderate exploitation likelihood. The attack vector is inferred to require access to the guest user account, which may be local or remote depending on how the IDE is deployed; the recorded CVSS vector (AV:N/AC:L/PR:L/UI:R) rates the flaw as network-reachable, requiring low privileges and user interaction. No additional conditions or prerequisites are specified in the description, but the guest account must be present for the flaw to be exploitable.

Generated by OpenCVE AI on May 29, 2026 at 19:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade IntelliJ IDEA to version 2026.1.1 or newer
  • Disable or remove the guest user account if it is not required
  • Review and restrict any automated processes that grant guest-level access to the IDE



Advisories

No advisories yet.

History

Fri, 29 May 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 May 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Jetbrains; Jetbrains intellij Idea
Vendors & Products | | Jetbrains; Jetbrains intellij Idea

Fri, 29 May 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1 {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: JetBrains

Published:

Updated: 2026-05-30T03:57:44.022Z

Reserved: 2026-05-29T18:07:52.857Z

Link: CVE-2026-49367

Vulnrichment

Updated: 2026-05-29T19:31:17.756Z

NVD

Status: Awaiting Analysis

Published: 2026-05-29T19:16:26.440

Modified: 2026-05-29T20:11:15.977

Link: CVE-2026-49367

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T20:00:05Z

Weaknesses