CVE-2026-50242
CRITICALJetbrains Hub - Missing Authentication for Critical Function
Title source: ruleDescription
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible
References (1)
Core 1
Core References
Scores
CVSS v3
10.0
EPSS
0.0042
EPSS Percentile
33.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (2)
JetBrains/Hub
< 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429
jetbrains/hub
2024.2.33606 - 2024.2.148429
Published
Jun 19, 2026
Tracked Since
Jun 19, 2026