CVE-2026-50242
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
In JetBrains Hub before versions 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429, authentication bypass via direct database access leading to administrative access was possible.
Risk Assessment
An attacker with database access can gain full administrative control over the JetBrains Hub instance, enabling data theft, configuration modification, and privilege escalation.
Recommendation
Immediately update JetBrains Hub to one of the patched versions or later, and restrict database access to trusted systems only.
Original NVD description (English source)
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible

