CVE-2026-41882

HIGH 7.4

CVSS Score

7.4

EPSS Score

0.0%

EPSS Percentile

0th

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

CWE	CWE-59
Vendor	jetbrains
Product	intellij idea
Published	Apr 30, 2026

Stay Ahead of the Next One

Get instant alerts for jetbrains intellij idea

Be the first to know when new high vulnerabilities affecting jetbrains intellij idea are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

JetBrains / IntelliJ IDEA

0 < 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

jetbrains.com: https://www.jetbrains.com/privacy-security/issues-fixed/