• Category: Security
  • Status: confirmed
  • Sources: NVD, JetBrains fixed security issues
  • Summary: JetBrains disclosed CVE-2026-59793 on 2026-07-10, arbitrary file access through the Perforce VCS integration in TeamCity before 2026.1.2. CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), CWE-73, fixed in 2026.1.2. A companion issue CVE-2026-59794 is a stored XSS on the cloud profile page. No active exploitation is reported.
  • Why it matters: TeamCity is widely deployed CI/CD infrastructure with a history of exploited authentication and file-access flaws, so unpatched on-premises servers are a high-value target.
  • Follow-up: Watch for exploitation reports or a CISA KEV addition and confirm on-premises upgrade to 2026.1.2.

Send feedback on this story