CVSS 7.4 · HIGH
CVE-2026-41882
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server
Ver en NVDAnálisis
JetBrains IntelliJ IDEA has a vulnerability in its built-in web server that allows an attacker to read arbitrary files from the local filesystem. Anyone using versions prior to the 2024.3, 2025.1, 2025.2, 2025.3, or 2026.1 patch releases should update immediately to protect sensitive data like private keys and configuration files.
Severidad
Puntaje: 7.4(HIGH)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NAV: NETWORK
AC: LOW
PR: NONE
UI: REQUIRED
S: CHANGED
C: HIGH
I: NONE
A: NONE
Tipo de falla (CWE):
CWE-59EPSS
Probabilidad de explotación (próx. 30 días): 0.0000 (0.0%)
Percentil: 0.0%
EPSS: 2026-05-06
Afecta
jetbrains:intellij_ideaDescripción técnica
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server
Publicada: 30/4/2026, 12:16:24
Última modificación: 5/5/2026, 0:24:51