CVE-2026-56141
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
In JetBrains Hub before versions 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, and 2024.2.148429, account takeover via predictable restore codes was possible.
Risk Assessment
An attacker can exploit the predictability of restore codes to gain unauthorized access to a user account, leading to data confidentiality and integrity breaches.
Recommendation
Immediately update JetBrains Hub to one of the patched versions: 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, or 2024.2.148429.
Original NVD description (English source)
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible

