HIGH SeverityCVSS 3.17.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CVE-2026-41882

Last updated Apr 30, 2026 · Published Apr 30, 2026

Description

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

Affected products

1 listed

JetBrains:IntelliJ IDEA

Mappings

CWE

CWE-59

CAPEC

None listed.

Research

Path traversal: how to detect and prevent itPath traversal lets attackers read or write files outside intended directories. Normalise paths, resolve them…

Training

Secure File HandlingUploads, storage, and serving files without opening the door to attackers.