YouTrack 2026.1.13162 Info Disclosure via fetchApp: CVE-2026-49370 May 2026

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

Vulnerability Analysis

CVE-2026-49370 is exploitable with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).

Products Associated with CVE-2026-49370

Want to know whenever a new CVE is published for JetBrains Youtrack? stack.watch will email you.

YouTrack 2026.1.13162 Info Disclosure via fetchApp
CVE-2026-49370 Published on May 29, 2026

Vulnerability Analysis

Weakness Type

Insertion of Sensitive Information Into Sent Data

Products Associated with CVE-2026-49370

Affected Versions

YouTrack 2026.1.13162 Info Disclosure via fetchAppCVE-2026-49370 Published on May 29, 2026

Vulnerability Analysis

Weakness Type

Insertion of Sensitive Information Into Sent Data

Products Associated with CVE-2026-49370

Affected Versions

YouTrack 2026.1.13162 Info Disclosure via fetchApp
CVE-2026-49370 Published on May 29, 2026