CVE-2026-49366NVD

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

Severity Level

HIGH(7.8)

Published Date

May 29, 2026

Last Modified

Jun 1, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.

EPSS Score (30-Day)

0.00%Probability

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh