highCVE-2026-59793

CVE-2026-59793 JetBrains TeamCity vulnerability

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

ProductJetBrains TeamCity
CVSS8.8
EPSS0.00343
UpdatedJuly 12, 2026

Quick answer

JetBrains TeamCity should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • TeamCity before 2026.1.2

Fixed versions

  • 2026.1.2

How to fix it

CVE-2026-59793 affects JetBrains TeamCity where arbitrary file access was possible through the Perforce VCS integration. Prioritize deployments or workstations that process untrusted project data, issue content, agents, VCS integrations, or email content depending on the product. Update to 2026.1.2 or a later vendor-supported patched build listed by JetBrains. Restrict Perforce VCS roots, build configurations, and server filesystem access until patched.

  1. Inventory all JetBrains TeamCity installations, including production servers, developer workstations, plugins, integrations, and hosted/on-prem environments as applicable.
  2. Identify versions below the JetBrains fixed build for CVE-2026-59793: 2026.1.2.
  3. Upgrade JetBrains TeamCity to 2026.1.2 or a later vendor-supported patched build through the normal JetBrains update channel.
  4. Restrict Perforce VCS roots, build configurations, and server filesystem access until patched.
  5. Review product roles, project permissions, agent trust, VCS integrations, uploaded content, and plugin configuration for unnecessary exposure.
  6. Review application, audit, email, agent, VCS, and endpoint logs for suspicious payloads or unexpected file/content access around the affected workflow.
  7. If exploitation is suspected, revoke sessions and tokens, rotate integration credentials, remove malicious content, and preserve evidence before cleanup.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm JetBrains TeamCity reports 2026.1.2 or a later vendor-supported patched build.
  • Confirm Perforce integration paths cannot access files outside the intended VCS workspace.
  • Confirm relevant permissions, integrations, agents, and content-rendering paths are limited to the intended trusted users or systems.
  • Run focused regression tests for the affected workflow and verify malicious payloads render safely or are rejected.
  • Document patched build numbers, integration checks, log review, and any credential rotation or content cleanup.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-59793?

JetBrains TeamCity versions listed as affected should be reviewed: TeamCity before 2026.1.2.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

How are Fixnx security risk categories chosen?

Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.