CVE-2026-56142
CRITICALJetbrains Hub - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Title source: ruleDescription
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible
References (1)
Core 1
Core References
Scores
CVSS v3
9.9
EPSS
0.0042
EPSS Percentile
34.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-915
Status
published
Products (2)
JetBrains/Hub
< 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429
jetbrains/hub
2024.2.33606 - 2024.2.148429
Published
Jun 19, 2026
Tracked Since
Jun 19, 2026