PT-2026-21903 · Jetbrains · Jetbrains Youtrack
Published
2026-02-25
·
Updated
2026-03-02
·
CVE-2026-28193
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
JetBrains YouTrack versions prior to 2025.3.121962
Description
The software allows applications to send requests to the app permissions endpoint without authorization. This could lead to unauthorized actions related to application permissions management. The affected endpoint is
/app permissions. The vulnerable component is the app permissions functionality.Recommendations
Update JetBrains YouTrack to version 2025.3.121962 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jetbrains Youtrack