CVE Catalog

CVE-2026-50242

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

In JetBrains Hub before versions 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429, authentication bypass via direct database access leading to administrative access was possible.

Risk Assessment

An attacker with database access can gain full administrative control over the JetBrains Hub instance, enabling data theft, configuration modification, and privilege escalation.

Recommendation

Immediately update JetBrains Hub to one of the patched versions or later, and restrict database access to trusted systems only.

Original NVD description (English source)

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible

Vulnerability data from NVD (NIST) · CISA KEV · EPSS