Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-28195

CVE-2026-28195: JetBrains TeamCity Auth Bypass Vulnerability

CVE-2026-28195 is an authorization bypass vulnerability in JetBrains TeamCity that allows project developers to add parameters to build configurations without proper authorization. This article covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2026-28195 Overview

A missing authorization vulnerability has been identified in JetBrains TeamCity before version 2025.11.3. This security flaw allows authenticated project developers to add parameters to build configurations without proper authorization checks. The vulnerability stems from insufficient access control enforcement (CWE-862), enabling users with developer-level access to modify build configurations beyond their intended permissions.

Critical Impact

Authenticated project developers can manipulate build configuration parameters, potentially leading to unauthorized modifications of CI/CD pipelines, injection of malicious build parameters, or compromise of build integrity.

Affected Products

  • JetBrains TeamCity versions prior to 2025.11.3

Discovery Timeline

  • 2026-02-25 - CVE-2026-28195 published to NVD
  • 2026-02-25 - Last updated in NVD database

Technical Details for CVE-2026-28195

Vulnerability Analysis

This vulnerability represents a Missing Authorization flaw in JetBrains TeamCity's build configuration management system. The issue allows project developers to bypass intended access restrictions when adding parameters to build configurations. In a properly secured TeamCity environment, the ability to modify build configuration parameters should be restricted to users with appropriate administrative or elevated privileges. However, due to the missing authorization check, any authenticated user with basic developer access can perform these modifications.

The attack requires network access and authenticated credentials with at least project developer privileges. While no user interaction is required to exploit this vulnerability, the impact is limited to integrity concerns—specifically the unauthorized modification of build parameters. This could enable an attacker to inject malicious variables, override critical build settings, or manipulate the CI/CD pipeline behavior.

Root Cause

The root cause is improper access control implementation (CWE-862 - Missing Authorization) in the TeamCity build configuration parameter handling functionality. The application fails to verify that the requesting user has sufficient privileges to add parameters to build configurations before processing the request. This oversight allows lower-privileged users to perform actions that should be restricted to administrators or users with elevated permissions.

Attack Vector

The vulnerability is exploitable over the network by authenticated users. An attacker with valid project developer credentials can craft requests to add parameters to build configurations they should not be authorized to modify.

The exploitation flow involves:

  1. An attacker authenticates to TeamCity with project developer credentials
  2. The attacker identifies target build configurations
  3. Through the TeamCity interface or API, the attacker submits requests to add parameters to build configurations
  4. Due to the missing authorization check, TeamCity processes these requests without validating the user's permission level
  5. The unauthorized parameters are added to the build configuration

For technical implementation details, refer to the JetBrains Security Advisory.

Detection Methods for CVE-2026-28195

Indicators of Compromise

  • Unexpected or unauthorized parameters appearing in build configurations
  • Audit log entries showing build configuration modifications by users without appropriate privileges
  • Unusual API requests targeting build configuration parameter endpoints from developer accounts

Detection Strategies

  • Review TeamCity audit logs for build configuration parameter modifications by users who should not have such access
  • Monitor API access patterns for unusual parameter modification requests from developer-level accounts
  • Implement alerting on build configuration changes that occur outside of approved change windows
  • Compare current build configuration parameters against known-good baselines to detect unauthorized additions

Monitoring Recommendations

  • Enable comprehensive audit logging for all build configuration modifications in TeamCity
  • Implement real-time alerting for parameter changes in critical build configurations
  • Regularly review user permissions and access levels to ensure principle of least privilege
  • Deploy network monitoring to track API requests to TeamCity build configuration endpoints

How to Mitigate CVE-2026-28195

Immediate Actions Required

  • Upgrade JetBrains TeamCity to version 2025.11.3 or later immediately
  • Audit existing build configurations for any unauthorized parameter additions
  • Review and verify user permission assignments across all projects
  • Implement additional access controls at the network level to restrict TeamCity management access

Patch Information

JetBrains has addressed this vulnerability in TeamCity version 2025.11.3. Organizations should upgrade to this version or later to remediate the issue. For detailed information about security fixes, refer to the JetBrains Security Issues Fixed page.

Workarounds

  • Restrict network access to TeamCity administrative interfaces using firewall rules or network segmentation
  • Implement additional authentication layers such as VPN requirements for TeamCity access
  • Limit the number of users with project developer access to reduce the attack surface
  • Enable and monitor audit logging to detect any exploitation attempts before patching
bash
# Example: Restrict TeamCity access at the network level
# Add firewall rules to limit access to trusted IP ranges
iptables -A INPUT -p tcp --dport 8111 -s trusted_network_cidr -j ACCEPT
iptables -A INPUT -p tcp --dport 8111 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.