Teamcity

A remote, authenticated attacker can exploit a vulnerability in JetBrains TeamCity On-Premises to escalate privileges.

A security advisory released by JetBrains on May 11, 2026, addresses a vulnerability in JetBrains TeamCity versions prior to 2026.1 and 2025.11.5, requiring users to apply updates to mitigate potential risks.

Unpatched JetBrains TeamCity servers are being actively exploited via an authentication bypass (CVE-2024-27198) and path traversal vulnerability (CVE-2024-27199), allowing attackers to perform administrative actions and potentially conduct supply-chain attacks.

Detection of suspicious processes spawned by JetBrains TeamCity indicates potential exploitation of remote code execution vulnerabilities, with attackers using command interpreters and system binaries for malicious purposes.