CVE-2026-57922 Overview
CVE-2026-57922 is an information disclosure vulnerability in JetBrains YouTrack versions before 2026.2.16593. The flaw allows unauthorized disclosure of project settings through the Model Context Protocol (MCP) interface. The weakness is classified as Missing Authorization [CWE-862], meaning the affected endpoint fails to verify whether the requesting principal has permission to read project configuration data.
An attacker can query the MCP interface over the network without user interaction and retrieve confidential project settings. The vulnerability affects confidentiality only. Integrity and availability of YouTrack projects remain intact.
Critical Impact
Unauthenticated network-accessible disclosure of JetBrains YouTrack project settings via the MCP interface, exposing internal project configuration to unauthorized parties.
Affected Products
- JetBrains YouTrack versions prior to 2026.2.16593
- YouTrack instances with the MCP interface enabled
- Self-hosted and cloud YouTrack deployments running vulnerable builds
Discovery Timeline
- 2026-06-26 - CVE-2026-57922 published to the National Vulnerability Database
- 2026-06-27 - Last updated in NVD database
Technical Details for CVE-2026-57922
Vulnerability Analysis
JetBrains YouTrack exposes a Model Context Protocol (MCP) interface designed to let AI assistants and automation agents query issue tracker context. In vulnerable builds, an MCP endpoint returns project settings without validating whether the caller has the required project-read permission. This is a classic missing authorization failure [CWE-862].
Project settings can include internal identifiers, workflow rules, integration references, and configuration metadata. Disclosure of these settings gives an attacker reconnaissance data useful for follow-on attacks against connected services, CI/CD pipelines, or referenced repositories. The issue does not permit modification of data and does not affect service availability.
The vulnerability is remotely reachable over the network with low attack complexity and requires no authentication or user interaction.
Root Cause
The root cause is a missing authorization check on an MCP request handler that returns project settings. The handler processes requests without consulting the permission subsystem that gates equivalent REST API operations. As a result, callers that would normally be denied access via the standard API can obtain the same data through MCP.
Attack Vector
An attacker sends a crafted MCP request to a reachable YouTrack instance and receives project settings in the response. Because no credentials are required, any actor with network access to the YouTrack MCP endpoint can extract settings for known or enumerable project identifiers.
No verified proof-of-concept has been published. The vulnerability mechanism is described in the JetBrains Security Issues Fixed advisory.
Detection Methods for CVE-2026-57922
Indicators of Compromise
- Unexpected MCP requests targeting project settings endpoints from unknown source addresses
- Anomalous volume of MCP traffic to YouTrack outside normal AI-integration hours
- MCP responses containing project configuration served to unauthenticated sessions
Detection Strategies
- Review YouTrack access logs for MCP requests that return HTTP 200 without an associated authenticated session identifier
- Correlate MCP endpoint hits with the source IP allow-list for approved AI assistants and automation clients
- Alert on MCP calls that enumerate multiple project identifiers within a short time window
Monitoring Recommendations
- Forward YouTrack application and reverse-proxy logs to a central SIEM for retention and search
- Baseline normal MCP request patterns per client and alert on deviations
- Track the running YouTrack build number and generate a finding when instances remain on versions before 2026.2.16593
How to Mitigate CVE-2026-57922
Immediate Actions Required
- Upgrade JetBrains YouTrack to version 2026.2.16593 or later on all self-hosted instances
- Confirm JetBrains Cloud YouTrack tenants are running a fixed build
- Restrict network exposure of the MCP endpoint to trusted clients until patching is complete
- Audit recent MCP access logs for signs of project settings enumeration
Patch Information
JetBrains addressed the issue in YouTrack 2026.2.16593. Details are listed in the JetBrains Security Issues Fixed advisory. Administrators should apply the update through the standard YouTrack upgrade procedure and verify the build number after restart.
Workarounds
- Disable the MCP interface if it is not required by any integrated AI assistant or automation client
- Place YouTrack behind a reverse proxy that enforces authentication on MCP paths
- Limit inbound network access to the MCP port using firewall rules or a web application firewall policy
# Configuration example: restrict MCP endpoint at the reverse proxy
# nginx snippet placed in the YouTrack server block
location /mcp {
allow 10.0.0.0/8; # trusted automation subnet
deny all;
proxy_pass http://youtrack_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

