Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
TeamCity Allows Redirect to Malicious Sites During Project Creation
CVE-2026-28194
Summary
If you use JetBrains TeamCity to manage projects, an attacker could trick you into visiting a fake site by manipulating the project creation process. This is a security risk because it could lead to phishing or malware attacks. Update to TeamCity 2025.11.3 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jetbrains | teamcity | <= 2025.11.3 | – |
Original title
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
Original description
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
nvd CVSS3.1
6.1
Vulnerability type
CWE-601
Open Redirect
- https://www.jetbrains.com/privacy-security/issues-fixed/ Vendor Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026