Home / Vulnerability Intelligence / CVE-2026-28193

CVE-2026-28193 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: February 26, 2026

JetBrains YouTrack - Broken Access Control

Published: February 25, 2026Updated: February 26, 2026Remote Exploitable

Overview

JetBrains YouTrack < 2025.3.121962 contains an insecure access control vulnerability caused by apps being able to send requests to the app permissions endpoint, letting attackers potentially manipulate permissions, exploit requires app access.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 0.1%(Probability of exploitation in next 30 days)

Impact

Attackers with app access can manipulate app permissions, potentially leading to unauthorized actions or privilege escalation.

Mitigation

Upgrade to version 2025.3.121962 or later.

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 25, 2026

🟠 CVE-2026-28193 - High (8.8) In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28193/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-28193
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: confirmed
EPSS: 0.1%
Social Posts: 1

CWE

CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.1%Probability of exploitation in the next 30 days