CVE-2026-56141
CRITICALJetbrains Hub - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Title source: ruleDescription
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible
References (1)
Core 1
Core References
Scores
CVSS v3
9.8
EPSS
0.0037
EPSS Percentile
28.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-338
Status
published
Products (2)
JetBrains/Hub
< 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429
jetbrains/hub
2024.2.33606 - 2024.2.148429
Published
Jun 19, 2026
Tracked Since
Jun 19, 2026