Introduction
An unauthenticated Server-Side Request Forgery vulnerability in JetBrains TeamCity's build status feature gives any network reachable attacker the ability to turn a CI/CD server into a proxy for internal network reconnaissance and cloud credential theft. Given that TeamCity servers routinely hold source code, deployment credentials, and production access, and that this product has already been targeted by APT29 and ransomware operators, CVE-2026-49372 represents a meaningful addition to an already active threat surface.
Technical Information
Root Cause
CVE-2026-49372 is classified under CWE-918 (Server-Side Request Forgery). The vulnerability resides in TeamCity's build status feature, a mechanism used for reporting and querying the status of build executions. In CI/CD workflows, build status endpoints are commonly designed to be accessible to external systems for integration with chat platforms, dashboards, and deployment pipelines.
The core issue is that the build status endpoint accepts URL input (likely for build status callbacks or notifications) and uses it to initiate server-side HTTP requests without properly validating the user-supplied URL. As defined by MITRE's CWE-918 specification, this means the application fetches a remote resource without ensuring the destination is safe or expected. Critically, the endpoint does not require any form of authentication, meaning any attacker who can reach the TeamCity server over the network can trigger the SSRF.
Attack Flow
Based on the CWE-918 framework and the documented characteristics of this vulnerability, exploitation would follow this general sequence:
-
Reconnaissance: The attacker identifies a TeamCity On-Premises instance accessible over the network. Many TeamCity deployments are internet-facing to support remote development and CI/CD operations.
-
Crafting the SSRF request: The attacker sends a request to the build status endpoint, supplying a URL pointing to an internal resource. No authentication credentials are needed.
-
Server-side request execution: The TeamCity server processes the request and initiates an HTTP connection to the attacker-specified URL. Because the request originates from the TeamCity server itself, it bypasses network segmentation controls and firewalls that would normally block external access to internal services.
-
Exploitation scenarios:
- Internal network scanning: The attacker targets internal IP addresses and ports to identify live hosts and running services. Response timing and status codes reveal network topology even in blind SSRF scenarios.
- Cloud metadata access: In cloud-hosted deployments (AWS, GCP, Azure), the attacker targets the metadata endpoint at
169.254.169.254to retrieve instance credentials, IAM tokens, and configuration data. These credentials can enable privilege escalation within the cloud environment. - Credential harvesting: If the SSRF returns response content to the attacker (non-blind SSRF), internal service responses containing sensitive data can be exfiltrated directly.
- Chaining with internal vulnerabilities: The SSRF serves as a pivot point to reach internal services such as databases, message queues, or internal APIs that may have their own exploitable weaknesses.
CVSS and Severity Context
The assigned CVSS score of 7.5 places this in the High severity range, consistent with an unauthenticated, network-exploitable vulnerability impacting confidentiality. The NVD record is currently marked as "Undergoing Enrichment," so the full CVSS vector string and CPE applicability statements have not yet been finalized. The final score may be adjusted once enrichment is complete.
Relationship to CVE-2026-44413
CVE-2026-49372 was published on the same day as CVE-2026-44413, a high-severity post-authentication vulnerability that allows authenticated users (including guest accounts if guest access is enabled) to expose parts of the TeamCity server API to unauthorized access. Both vulnerabilities are fixed in the same versions (2026.1 and 2025.11.5), and both affect only TeamCity On-Premises.
The key distinction is the authentication requirement. CVE-2026-49372 requires no authentication whatsoever, making it exploitable at scale using automated scanning tools. CVE-2026-44413 requires at least a guest-level account but potentially enables broader API access once an attacker has any foothold. Organizations should patch for both simultaneously.
| Attribute | CVE-2026-49372 | CVE-2026-44413 |
|---|---|---|
| Vulnerability Type | SSRF (CWE-918) | Auth bypass / API exposure (CWE-306) |
| Authentication Required | No | Yes (any authenticated user, including guest) |
| CVSS Score | 7.5 | High (undergoing NVD enrichment) |
| Attack Vector | Build status endpoint | Server API endpoints |
| Fixed In | 2026.1, 2025.11.5 | 2026.1, 2025.11.5 |
| TeamCity Cloud Affected | No | No |
Architectural Pattern
This vulnerability fits into a recurring pattern in TeamCity's architecture. TeamCity's core function as a CI/CD orchestrator inherently requires it to make outbound network connections to repositories, build agents, notification systems, and deployment targets. This functional requirement creates a persistent attack surface for SSRF, as evidenced by five distinct SSRF-classified CVEs documented since 2020: CVE-2020-35667, CVE-2021-31910, CVE-2022-24333, CVE-2022-46830, and now CVE-2026-49372. Each successive vulnerability has been patched, but the recurrence suggests the root cause is architectural rather than incidental: the product's legitimate need for outbound connectivity creates an ongoing challenge for input validation at every point where URLs or network destinations are accepted from user-controlled input.
Affected Systems and Versions
The following TeamCity On-Premises versions are affected:
- All JetBrains TeamCity On-Premises versions before 2026.1
- All JetBrains TeamCity On-Premises versions before 2025.11.5 (in the 2025.x release line)
The vulnerability is fixed in:
- TeamCity 2026.1
- TeamCity 2025.11.5
TeamCity Cloud is not affected. JetBrains has confirmed that TeamCity Cloud deployments do not require any action for this vulnerability. Organizations should verify whether their deployment is On-Premises or Cloud before determining their exposure.
The vulnerability affects all TeamCity installations where the firewall permits inbound connections to the TeamCity server, particularly those that are internet-facing. Installations where build agents run on the same host as the TeamCity server may have additional exposure.
Vendor Security History
JetBrains TeamCity has accumulated a notable track record of security vulnerabilities, several of which have reached Critical severity and been exploited in the wild. The following table summarizes key CVEs from the JetBrains security fixes page:
| CVE | Description | Severity | Fixed In |
|---|---|---|---|
| CVE-2026-44413 | Authenticated users could expose server API to unauthorized access | High | 2026.1, 2025.11.5 |
| CVE-2026-28194 | Open redirect in React project creation flow | Medium | 2025.11.3 |
| CVE-2026-28195 | Missing authorization for project developers to add parameters | Medium | 2025.11.3 |
| CVE-2024-27198 | Authentication bypass allowing admin actions | Critical | 2023.11.4 |
| CVE-2024-23917 | Authentication bypass leading to RCE | Critical | 2023.11.3 |
| CVE-2023-42793 | Authentication bypass leading to RCE on TeamCity Server | Critical | 2023.05.4 |
| CVE-2023-34218 | Bypass of permission checks allowing admin actions | Critical | 2023.05, 2022.10.4 |
| CVE-2022-46830 | SSRF via custom STS endpoint | Medium | 2022.10.1 |
| CVE-2022-25263 | OS command injection in Agent Push feature | High | 2021.2.3 |
| CVE-2022-24333 | Blind SSRF via XML-RPC call | Medium | 2021.2 |
| CVE-2021-31910 | Information disclosure via SSRF | High | 2020.2.3 |
| CVE-2020-35667 | Plugin SSRF potentially exposing user credentials | High | 2020.2.85695 |
The pattern of recurring authentication bypass and SSRF vulnerabilities across multiple years and major versions indicates that organizations running TeamCity On-Premises should maintain a rigorous patching cadence and defense-in-depth posture around their CI/CD infrastructure.
JetBrains TeamCity has been directly targeted by state-sponsored threat actors. APT29 (Cozy Bear) exploited CVE-2024-27198 in real-world campaigns. Trend Micro documented exploitation of TeamCity vulnerabilities leading to deployment of Jasmin ransomware, XMRig cryptocurrency miners, Cobalt Strike beacons, and SparkRAT backdoors. Darktrace observed rapid exploitation of CVE-2024-27198 across customer environments. According to Vectra AI, SSRF attacks broadly surged 452% in 2024, driven in part by AI-powered automation of vulnerability discovery and exploitation.
While no public proof-of-concept exploit or active exploitation of CVE-2026-49372 has been documented as of May 29, 2026, the unauthenticated nature of the vulnerability, the high value of CI/CD infrastructure as a target, and the demonstrated interest of sophisticated threat actors in TeamCity all suggest that exploitation attempts are likely in the near term.
References
- NVD: CVE-2026-49372
- JetBrains Fixed Security Issues
- JetBrains Blog: CVE-2026-44413 Advisory
- CWE-918: Server-Side Request Forgery (SSRF)
- Trend Micro: TeamCity Vulnerability Exploits Lead to Jasmin Ransomware
- RidgeSecurity: JetBrains TeamCity Auth Bypass and Cozy Bear Exploits
- Vectra AI: Server Side Request Forgery (SSRF)
- Darktrace: Detecting TeamCity Exploitation Activity
- Rapid7: CVE-2024-27198 and CVE-2024-27199 TeamCity Authentication Bypass
- Splunk: Security Insights on TeamCity CVE-2024-27198
- JetBrains TeamCity Product Page
- JetBrains Blog: CI/CD Security Risks
- Help Net Security: JetBrains TeamCity CVE-2026-44413



