CVE-2026-25846

Published Feb 9, 2026

Last updated 24 days ago

CVSS medium 6.5

Overview

Description
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
Source
cve@jetbrains.com
NVD status
Analyzed
Products
youtrack

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

cve@jetbrains.com
CWE-532

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpointCVE-2026-28193
  2. In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limitCVE-2025-64773
  3. In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosureCVE-2025-64685
  4. In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback formCVE-2025-64684
  5. In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram contentCVE-2025-57731

References

Sources include official advisories and independent security research.