SecuriTricks - CVE-2026-56142

Description

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible

Product(s) Impacted

Vendor	Product	Versions
Jetbrains	Hub	2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-915

Improperly Controlled Modification of Dynamically-Determined Object Attributes

The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	jetbrains	hub	2026.1.13757	/	/	/	/	/	/	/
a	jetbrains	hub	2025.3.148033	/	/	/	/	/	/	/
a	jetbrains	hub	2025.2.148048	/	/	/	/	/	/	/
a	jetbrains	hub	2025.1.148120	/	/	/	/	/	/	/
a	jetbrains	hub	2024.3.148430	/	/	/	/	/	/	/
a	jetbrains	hub	2024.2.148429	/	/	/	/	/	/	/

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS Score

9.9 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

View Vector String

Timeline

Published: June 19, 2026, 1:16 p.m.
Last Modified: June 19, 2026, 1:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-56142