JETBRAINS INTELLIJ IDEA <2026.1 UI Designer XXE in Form Parser: CVE-2026-49383 May 2026

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

Vulnerability Analysis

CVE-2026-49383 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

What is a XXE Vulnerability?

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CVE-2026-49383 has been classified to as a XXE vulnerability or weakness.

Products Associated with CVE-2026-49383

Want to know whenever a new CVE is published for JetBrains Intellij Idea? stack.watch will email you.

JETBRAINS INTELLIJ IDEA <2026.1 UI Designer XXE in Form Parser
CVE-2026-49383 Published on May 29, 2026

Vulnerability Analysis

Weakness Type

What is a XXE Vulnerability?

Products Associated with CVE-2026-49383

Affected Versions

JETBRAINS INTELLIJ IDEA <2026.1 UI Designer XXE in Form ParserCVE-2026-49383 Published on May 29, 2026

Vulnerability Analysis

Weakness Type

What is a XXE Vulnerability?

Products Associated with CVE-2026-49383

Affected Versions

JETBRAINS INTELLIJ IDEA <2026.1 UI Designer XXE in Form Parser
CVE-2026-49383 Published on May 29, 2026