TeamCity

Multiple vulnerabilities in JetBrains TeamCity allow an attacker to disclose information, perform a cross-site scripting attack, bypass security measures, and execute arbitrary program code.

A security advisory released by JetBrains on May 11, 2026, addresses a vulnerability in JetBrains TeamCity versions prior to 2026.1 and 2025.11.5, requiring users to apply updates to mitigate potential risks.

Detection of suspicious processes spawned by JetBrains TeamCity indicates potential exploitation of remote code execution vulnerabilities, with attackers using command interpreters and system binaries for malicious purposes.

A relative path traversal vulnerability in JetBrains TeamCity (CVE-2024-27199) could allow limited administrative actions and has been linked to ransomware attacks.