CVE Catalog

CVE-2026-56141

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

28th percentile — higher than 28% of all known CVEs

Summary

In JetBrains Hub before versions 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429, account takeover via predictable restore codes was possible.

Risk Assessment

An attacker can exploit the predictability of restore codes to gain unauthorized access to a user account, leading to data confidentiality and integrity breaches.

Recommendation

Immediately update JetBrains Hub to one of the patched versions: 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, or 2024.2.148429.

Original NVD description (English source)

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible

Vulnerability data from NVD (NIST) · CISA KEV · EPSS