JetBrains Toolbox
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in JetBrains Toolbox.
By the Year
In 2026 there have been 0 vulnerabilities in JetBrains Toolbox. Last year, in 2025 Toolbox had 4 security vulnerabilities published. Right now, Toolbox is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 7.20 |
| 2024 | 1 | 5.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 8.27 |
| 2019 | 2 | 0.00 |
It may take a day or so for new Toolbox vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent JetBrains Toolbox Security Vulnerabilities
JetBrains Toolbox App <2.6 SSH plugin insecure connection
CVE-2025-43014
6.5 - Medium
- April 17, 2025
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
Missing Critical Step in Authentication
JetBrains Toolbox App <2.6: Unencrypted Credential Transmission Over SSH
CVE-2025-43013
7.5 - High
- April 17, 2025
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
Cleartext Transmission of Sensitive Information
Missing Host Key Verification in JetBrains Toolbox App SSH Plugin before 2.6
CVE-2025-42921
6.5 - Medium
- April 17, 2025
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
Improper Validation of Certificate with Host Mismatch
JetBrains Toolbox before 2.6: Command Injection via SSH plugin
CVE-2025-43012
8.3 - High
- April 17, 2025
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
Command Injection
JetBrains Toolbox App DoS via Malicious SVG Image (before 2.2)
CVE-2024-24943
5.5 - Medium
- February 06, 2024
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
Resource Exhaustion
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack
CVE-2020-25013
7.5 - High
- November 16, 2020
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution
CVE-2020-25207
9.8 - Critical
- November 16, 2020
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
In JetBrains ToolBox version 1.17 before 1.17.6856
CVE-2020-15827
7.5 - High
- August 08, 2020
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
Improper Verification of Cryptographic Signature
In JetBrains Toolbox App before 1.15.5666 for Windows
CVE-2019-18368
- October 31, 2019
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
JetBrains Toolbox before 1.15.5605 was resolving an internal URL
CVE-2019-14959
- October 02, 2019
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for JetBrains Toolbox or by JetBrains? Click the Watch button to subscribe.
