CVE-2026-41882

Description

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected products

JetBrains / IntelliJ IDEA0 – 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1

References

MISChttps://www.jetbrains.com/privacy-security/issues-fixed/