JetBrains YouTrack: Unsecured App Permissions Requests

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

JetBrains YouTrack: Unsecured App Permissions Requests

CVE-2026-28193

Summary

Some apps can access YouTrack's permission settings without permission. This allows unauthorized apps to see sensitive information or make changes to project settings. Update to version 2025.3.121962 or later to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
jetbrains	youtrack	<= 2025.3.121962	–

Original title

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

Original description

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

nvd CVSS3.1 5.3

Vulnerability type

CWE-862 Missing Authorization

https://www.jetbrains.com/privacy-security/issues-fixed/ Vendor Advisory

Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026