Top stories
JetBrains TeamCity arbitrary file access via Perforce integration (CVE-2026-59793)
- Category: Security
- Status: confirmed
- Sources: NVD, JetBrains fixed security issues
- Summary: JetBrains disclosed CVE-2026-59793 on 2026-07-10, arbitrary file access through the Perforce VCS integration in TeamCity before 2026.1.2. CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), CWE-73, fixed in 2026.1.2. A companion issue CVE-2026-59794 is a stored XSS on the cloud profile page. No active exploitation is reported.
- Why it matters: TeamCity is widely deployed CI/CD infrastructure with a history of exploited authentication and file-access flaws, so unpatched on-premises servers are a high-value target.
- Follow-up: Watch for exploitation reports or a CISA KEV addition and confirm on-premises upgrade to 2026.1.2.