Severity: HIGH | CVE-2026-49367 | CNA: JetBrains

CVE-2026-49367: Command execution via the guest user account in JetBrains IntelliJ IDEA before 2026.1.1

In JetBrains IntelliJ IDEA before 2026.1.1, command execution was possible via the guest user account.

HarborGuard Analysis

Synopsis

A command-execution flaw in JetBrains IntelliJ IDEA before 2026.1.1 lets a low-privileged guest user account run arbitrary commands on the host running the IDE. Exploitation reaches the IDE over the network, requires a low-privilege guest login, and needs some victim interaction to trigger; a successful attacker gains full code execution with the IDE user's privileges, exposing source, credentials, and the developer workstation. A patched-image rebuild at 2026.1.1 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: CVE-2026-49367 is ingested from upstream feeds within minutes of publication and matched against IntelliJ IDEA versions found in customer registries and CI pipelines. Coverage includes custom-built images that bundle the IDE or its components.

Triage: Available

Triage scoring is available using the published CVSS 8.0 (High) and is reweighted per environment based on each customer org's compliance policy and exposure profile. Findings are routed to the configured inbox for the owning team inside each customer org.

Patch: Available

A patched-image rebuild at IntelliJ IDEA 2026.1.1 is available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, HarborGuard rebuilds the image at the fix version, runs the configured regression suite, and opens a PR against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the IDE or its exposed surface over the network (AV:N).

  • Authentication: Required

    A low-privilege guest user account is sufficient to trigger the command execution (PR:L).

  • Victim interaction: Required

    A legitimate user must perform some action in the IDE for the exploit to fire (UI:R).

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions or environmental tuning (AC:L).

Blast Radius

  • Runs arbitrary commands on the developer workstation or build host with the privileges of the IDE process.
  • Reads source code, SSH keys, cloud credentials, and any secrets accessible to the developer's account.
  • Modifies project files, build outputs, or commits, enabling supply-chain tampering of downstream artifacts.
  • Can disrupt or crash the IDE and dependent local services, breaking developer workflows.

How HarborGuard Handles This

Available on HarborGuard: a rebuilt image at IntelliJ IDEA 2026.1.1 is staged for any environment whose scans match an affected version. For customers with auto-remediation enabled, HarborGuard runs the rebuild, executes the configured regression suite, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in those environments. Where compliance policy gates automated changes, the same rebuild is held for manual approval, and compensating guidance (restricting guest account usage and limiting network exposure of developer instances) is surfaced alongside the finding.


Metrics

CVSS v3.1: 8.0
Severity: HIGH
Fixed in: 2026.1.1
Affected Products: 1

Fix available: 2026.1.1

Affected packages
  • JetBrains / IntelliJ IDEA: < 2026.1.1 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H