Description
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
Published: 2026-05-29
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

JetBrains TeamCity software contained a flaw in its handling of Perforce connection settings that allowed an attacker to execute arbitrary code on the server. The weakness is identified as CWE-88 and permits remote code execution, which could compromise the confidentiality, integrity, and availability of the TeamCity installation and any affected build processes.

Affected Systems

The vulnerability affects all releases of JetBrains TeamCity prior to version 2026.1. Administrators using any unsupported or older version should consider the product in a vulnerable state until the upgrade is applied.

Risk and Exploitability

The CVSS score for this flaw is 7.1, which rates as High severity. EPSS data is not available, and the weakness is not listed in the CISA KEV catalog. The likely attack vector is over the network, where an attacker with the ability to configure Perforce connection settings can inject malicious values that are executed by the TeamCity service. Successful exploitation would give the attacker full control over the TeamCity host.

Generated by OpenCVE AI on May 29, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade TeamCity to version 2026.1 or later, eliminating the vulnerable configuration code.
  • Restrict write access to Perforce connection settings so only trusted administrators can modify them, reducing the window of opportunity for exploitation.
  • Implement regular configuration audits to detect unauthorized changes to connection settings and ensure they remain compliant with security policies.

Advisories

No advisories yet.

History

Fri, 29 May 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 May 2026 20:00:00 +0000

Type | Values Removed | Values Added
Title | | Remote code execution via Perforce connection settings in JetBrains TeamCity
First Time appeared | | Jetbrains; Jetbrains teamcity
Vendors & Products | | Jetbrains; Jetbrains teamcity

Fri, 29 May 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
Weaknesses | | CWE-88
References | |
Metrics | | cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: JetBrains

Published:

Updated: 2026-05-30T03:57:37.194Z

Reserved: 2026-05-29T18:07:55.729Z

Link: CVE-2026-49373

Vulnrichment

Updated: 2026-05-29T18:28:12.547Z

NVD

Status: Undergoing Analysis

Published: 2026-05-29T19:16:27.163

Modified: 2026-05-29T20:11:15.977

Link: CVE-2026-49373

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T19:45:06Z

Weaknesses