ZeroPath at Black Hat USA 2026

Brief Summary: JetBrains IntelliJ IDEA CVE-2026-49366 Command Injection via Filename Completion

A short review of CVE-2026-49366, a high severity command injection vulnerability in JetBrains IntelliJ IDEA that allows arbitrary OS command execution through the IDE's filename completion feature, affecting all versions before 2026.1.1.

CVE Analysis

8 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-05-29

Brief Summary: JetBrains IntelliJ IDEA CVE-2026-49366 Command Injection via Filename Completion
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

A command injection vulnerability in JetBrains IntelliJ IDEA's filename completion feature allows arbitrary OS command execution on developer workstations, carrying a CVSS score of 7.8. With over 16 million developers using IntelliJ IDEA worldwide, the potential blast radius extends well beyond individual machines into the CI/CD pipelines, source code repositories, and production infrastructure those developers access daily.

Technical Information

Root Cause: Unsanitized Input in Filename Completion

CVE-2026-49366 is classified under CWE-78: Improper Neutralization of Special Elements used in an OS Command. According to MITRE, this weakness occurs when "the product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command."

The vulnerability resides in IntelliJ IDEA's filename completion logic. When the IDE performs filename or path completion, it processes file paths or names that may contain shell metacharacters (such as backticks, $(), ;, |, or &) without proper sanitization. This allows an attacker to break out of the intended command structure and execute arbitrary OS commands in the context of the IDE process.

Analogous Vulnerability: CVE-2026-44656 in Vim

While JetBrains has not published detailed internal mechanics for CVE-2026-49366, a directly analogous vulnerability provides a clear technical model. CVE-2026-44656 in Vim (prior to 9.2.0435) exploited the :find command line completion logic. When the path option contained backtick-enclosed shell commands (e.g., `command`), Vim executed those commands during filename completion. As SentinelOne's analysis confirmed: "the flaw resides in the :find command-line completion logic. When the path option contains backtick-enclosed shell commands, Vim executes those commands during file name completion."

The IntelliJ IDEA vulnerability follows the same pattern: during filename or path completion, the IDE processes input containing shell metacharacters without proper sanitization, enabling command execution.

Inferred Attack Vector Analysis

Based on the CVSS score of 7.8 and the analogous CVE-2026-41153 in JetBrains Junie (which shares a similar command injection pattern with a CVSS 3.1 vector of CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L), CVE-2026-49366 likely involves:

ParameterLikely ValueConfidence
Attack VectorLocalMedium (based on analogous JetBrains CVE-2026-41153)
User InteractionRequiredHigh (filename completion requires user action)
Privileges RequiredNoneMedium
Confidentiality ImpactHighHigh (7.8 score implies high C impact)
Integrity ImpactHighMedium
Availability ImpactHighMedium

Important note: The NVD has not yet published the official CVSS vector for CVE-2026-49366. The above analysis is inferred from the CVSS score and the pattern of similar JetBrains vulnerabilities. The actual vector may differ.

Exploitation Scenario

An attacker could exploit this vulnerability through the following sequence:

  1. The attacker crafts a maliciously named file or directory containing shell metacharacters (e.g., backtick-enclosed commands, $() substitutions, or command separators like ; and |).
  2. The malicious filename is placed in a location that IntelliJ IDEA would scan during filename completion. This could be achieved by embedding the file in a shared Git repository, a dependency package, or a project template.
  3. A developer clones or opens the project containing the malicious filename in IntelliJ IDEA.
  4. When the developer triggers filename completion (e.g., by typing a path prefix and invoking autocomplete), the IDE processes the crafted filename.
  5. The shell metacharacters in the filename are interpreted by the underlying OS command execution, resulting in arbitrary command execution with the privileges of the IDE process (typically the developer's user account).

This attack flow is consistent with the Vim analog (CVE-2026-44656), where crafted path values triggered command execution during completion operations. The supply chain delivery mechanism is particularly concerning because it requires no direct access to the victim's workstation; the attacker only needs to place a malicious file in a repository the developer will open.

CVEProductMechanismCVSSCWEPublished
CVE-2026-49366IntelliJ IDEAFilename completion7.8CWE-78May 29, 2026
CVE-2026-41153JunieMalicious project file5.8CWE-77Apr 17, 2026
CVE-2026-44656VimPath completionModerateCWE-78May 2, 2026

The two 2026 JetBrains command injection CVEs share a common root cause: insufficient input validation when constructing command strings from external input. The Vim analog demonstrates that filename and path completion is a systemic weak point across developer tools, not an isolated issue in any single product.

Affected Systems and Versions

All versions of JetBrains IntelliJ IDEA before 2026.1.1 are affected by this vulnerability. JetBrains released IntelliJ IDEA 2026.1 on March 25, 2026, meaning that initial release was also vulnerable. The fix is included in version 2026.1.1, which was made available on the same day as the CVE publication (May 29, 2026).

Organizations should verify their installed version through the IDE's Help > About menu. Any installation running a version prior to 2026.1.1 should be considered vulnerable.

Vendor Security History

JetBrains has a notable track record of security vulnerabilities across its product line, with several incidents involving active exploitation by nation-state actors:

CVEProductTypeCVSSYear
CVE-2024-27198TeamCityAuthentication bypass9.82024
CVE-2024-27199TeamCityPath traversal7.32024
CVE-2023-42793TeamCityAuthentication bypassCritical2023
CVE-2025-32054IntelliJ IDEAInformation disclosureN/A2025
CVE-2025-57727IntelliJ IDEAInformation disclosureN/A2025
CVE-2025-58334IDE ServicesPrivilege escalationN/A2025
CVE-2026-41153JunieCommand injection5.82026
CVE-2026-44413TeamCity On PremisesHigh severity post authN/A2026
CVE-2026-49366IntelliJ IDEACommand injection7.82026

The TeamCity vulnerabilities are particularly relevant context. The Russian Foreign Intelligence Service (SVR) exploited CVE-2023-42793 beginning in late September 2023, as documented in a joint cybersecurity advisory by the FBI, CISA, NSA, and international partners. The BianLian ransomware group was observed by GuidePoint Security exploiting CVE-2024-27198 and CVE-2024-27199 to deliver malware including Jasmin ransomware. Microsoft researchers also identified North Korean state-linked actors abusing critical TeamCity vulnerabilities. CISA added CVE-2024-27198 to its Known Exploited Vulnerabilities catalog on March 7, 2024.

JetBrains demonstrates a pattern of promptly assigning CVEs and releasing patches. However, the recurrence of command injection vulnerabilities in 2026 across multiple products (Junie and IntelliJ IDEA) suggests that input sanitization for shell command construction may warrant broader architectural review across the JetBrains product line.

As of May 29, 2026, no threat intelligence sources confirm active exploitation of CVE-2026-49366, and it does not appear in the CISA Known Exploited Vulnerabilities catalog. However, the historical pattern of rapid exploitation following JetBrains vulnerability disclosures, combined with the supply chain attack potential of this specific flaw, warrants close monitoring in the coming weeks.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization