Description
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
Published: 2026-05-29
Score: 4.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

JetBrains IntelliJ IDEA before 2026.1 contains a template injection flaw in the Copyright plugin that permits execution of arbitrary code, identified as CWE-1336. The vulnerability can compromise the confidentiality, integrity, and availability of the host system by granting attackers the ability to run malicious payloads within the IDE environment.

Affected Systems

The flaw affects JetBrains IntelliJ IDEA versions earlier than 2026.1. No other products or vendors are listed in the advisory.

Risk and Exploitability

The CVSS score of 4.5 indicates moderate severity and the EPSS score is not available; the issue is not listed in the CISA KEV catalog. Because template injection requires the ability to supply malicious template data, the likely attack vector is local or relies on the deployment of a tampered plugin or user interaction. An attacker who can influence the template content can trigger code execution through the vulnerable plugin.

Generated by OpenCVE AI on May 29, 2026 at 19:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade IntelliJ IDEA to version 2026.1 or later to remove the template injection flaw.
  • Disable or uninstall the Copyright plugin if it is not required for development.
  • Ensure all installed plugins are sourced from trusted outlets and verified with proper digital signatures before installation.

Generated by OpenCVE AI on May 29, 2026 at 19:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 20:00:00 +0000

Type Values Removed Values Added
Title Template Injection in IntelliJ IDEA Copyright Plugin Enables Code Execution
First Time appeared Jetbrains
Jetbrains intellij Idea
Vendors & Products Jetbrains
Jetbrains intellij Idea

Fri, 29 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
Weaknesses CWE-1336
References
Metrics cvssV3_1

{'score': 4.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}

Subscriptions

Jetbrains Intellij Idea
cve-icon MITRE

Status: PUBLISHED

Assigner: JetBrains

Published:

Updated: 2026-05-29T19:28:03.037Z

Reserved: 2026-05-29T18:07:59.149Z

Link: CVE-2026-49382

cve-icon Vulnrichment

Updated: 2026-05-29T19:27:54.152Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T19:16:28.223

Modified: 2026-05-29T20:11:15.977

Link: CVE-2026-49382

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T19:45:06Z

Weaknesses