Missing authentication for critical function in Hub - CVE-2026-25848

 


Published: February 9, 2026


Vulnerability identifier: #VU122468
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-25848
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: JetBrains s.r.o.
Affected software: Hub

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication checks.

The vulnerability exists due to an error in the authentication process. A remote unauthenticated attacker can bypass authentication checks and gain unauthorized access to administrative actions.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


How to mitigate CVE-2026-25848

Install updates from the vendor's website.
