CVE-2026-49375

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity version 2025.11.5

Description A reflected Cross-Site Scripting (XSS) issue exists on the repository download page. Reflected XSS occurs when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way, allowing an attacker to execute malicious scripts in the victim's browser.

Recommendations Update to version 2026.1 or later. Update to a version newer than 2025.11.5.