IntelliJ IDEA
by JetBrains
CVEs (62)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-49367 | | High | 0.52 | 8.0 | 0.00 | | May 29, 2026 | In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account |
| CVE-2026-49366 | | High | 0.51 | 7.8 | 0.00 | | May 29, 2026 | In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion |
| CVE-2017-8316 | | High | 0.49 | 7.5 | 0.02 | | Aug 3, 2018 | IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. |
| CVE-2026-41882 | | High | 0.48 | 7.4 | 0.00 | | Apr 30, 2026 | In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server |
| CVE-2026-49382 | | Medium | 0.29 | 4.5 | 0.00 | | May 29, 2026 | In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin |
| CVE-2026-49383 | | Low | 0.21 | 3.3 | 0.00 | | May 29, 2026 | In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible |
| CVE-2024-37051 | | | 0.01 | — | 0.04 | | Jun 10, 2024 | GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3,… |
| CVE-2025-68269 | | | 0.00 | — | 0.00 | | Dec 16, 2025 | In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH |
| CVE-2025-57730 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature |
| CVE-2025-57729 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start |
| CVE-2025-57728 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files |
| CVE-2025-57727 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference |
| CVE-2025-32054 | | | 0.00 | — | 0.00 | | Apr 3, 2025 | In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file |
| CVE-2024-46970 | | | 0.00 | — | 0.00 | | Sep 16, 2024 | In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible |
| CVE-2024-24941 | | | 0.00 | — | 0.00 | | Feb 6, 2024 | In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL |
| CVE-2024-24940 | | | 0.00 | — | 0.00 | | Feb 6, 2024 | In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives |
| CVE-2023-51655 | | | 0.00 | — | 0.00 | | Dec 21, 2023 | In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration |
| CVE-2023-39261 | | | 0.00 | — | 0.00 | | Jul 26, 2023 | In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions |
| CVE-2023-38069 | | | 0.00 | — | 0.00 | | Jul 12, 2023 | In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases |
| CVE-2022-48433 | | | 0.00 | — | 0.01 | | Mar 29, 2023 | In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. |
Page 1 of 4