ZeroPath at Black Hat USA 2026

Quick Look: CVE-2026-49372 — Unauthenticated SSRF in JetBrains TeamCity Build Status

A brief summary of CVE-2026-49372, an unauthenticated Server-Side Request Forgery vulnerability in JetBrains TeamCity On-Premises triggered via the build status feature, with a CVSS score of 7.5 and implications for CI/CD infrastructure security.

CVE Analysis

10 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-05-29

Quick Look: CVE-2026-49372 — Unauthenticated SSRF in JetBrains TeamCity Build Status
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

An unauthenticated Server-Side Request Forgery vulnerability in JetBrains TeamCity's build status feature gives any network reachable attacker the ability to turn a CI/CD server into a proxy for internal network reconnaissance and cloud credential theft. Given that TeamCity servers routinely hold source code, deployment credentials, and production access, and that this product has already been targeted by APT29 and ransomware operators, CVE-2026-49372 represents a meaningful addition to an already active threat surface.

Technical Information

Root Cause

CVE-2026-49372 is classified under CWE-918 (Server-Side Request Forgery). The vulnerability resides in TeamCity's build status feature, a mechanism used for reporting and querying the status of build executions. In CI/CD workflows, build status endpoints are commonly designed to be accessible to external systems for integration with chat platforms, dashboards, and deployment pipelines.

The core issue is that the build status endpoint accepts URL input (likely for build status callbacks or notifications) and uses it to initiate server-side HTTP requests without properly validating the user-supplied URL. As defined by MITRE's CWE-918 specification, this means the application fetches a remote resource without ensuring the destination is safe or expected. Critically, the endpoint does not require any form of authentication, meaning any attacker who can reach the TeamCity server over the network can trigger the SSRF.

Attack Flow

Based on the CWE-918 framework and the documented characteristics of this vulnerability, exploitation would follow this general sequence:

  1. Reconnaissance: The attacker identifies a TeamCity On-Premises instance accessible over the network. Many TeamCity deployments are internet-facing to support remote development and CI/CD operations.

  2. Crafting the SSRF request: The attacker sends a request to the build status endpoint, supplying a URL pointing to an internal resource. No authentication credentials are needed.

  3. Server-side request execution: The TeamCity server processes the request and initiates an HTTP connection to the attacker-specified URL. Because the request originates from the TeamCity server itself, it bypasses network segmentation controls and firewalls that would normally block external access to internal services.

  4. Exploitation scenarios:

    • Internal network scanning: The attacker targets internal IP addresses and ports to identify live hosts and running services. Response timing and status codes reveal network topology even in blind SSRF scenarios.
    • Cloud metadata access: In cloud-hosted deployments (AWS, GCP, Azure), the attacker targets the metadata endpoint at 169.254.169.254 to retrieve instance credentials, IAM tokens, and configuration data. These credentials can enable privilege escalation within the cloud environment.
    • Credential harvesting: If the SSRF returns response content to the attacker (non-blind SSRF), internal service responses containing sensitive data can be exfiltrated directly.
    • Chaining with internal vulnerabilities: The SSRF serves as a pivot point to reach internal services such as databases, message queues, or internal APIs that may have their own exploitable weaknesses.

CVSS and Severity Context

The assigned CVSS score of 7.5 places this in the High severity range, consistent with an unauthenticated, network-exploitable vulnerability impacting confidentiality. The NVD record is currently marked as "Undergoing Enrichment," so the full CVSS vector string and CPE applicability statements have not yet been finalized. The final score may be adjusted once enrichment is complete.

Relationship to CVE-2026-44413

CVE-2026-49372 was published on the same day as CVE-2026-44413, a high-severity post-authentication vulnerability that allows authenticated users (including guest accounts if guest access is enabled) to expose parts of the TeamCity server API to unauthorized access. Both vulnerabilities are fixed in the same versions (2026.1 and 2025.11.5), and both affect only TeamCity On-Premises.

The key distinction is the authentication requirement. CVE-2026-49372 requires no authentication whatsoever, making it exploitable at scale using automated scanning tools. CVE-2026-44413 requires at least a guest-level account but potentially enables broader API access once an attacker has any foothold. Organizations should patch for both simultaneously.

AttributeCVE-2026-49372CVE-2026-44413
Vulnerability TypeSSRF (CWE-918)Auth bypass / API exposure (CWE-306)
Authentication RequiredNoYes (any authenticated user, including guest)
CVSS Score7.5High (undergoing NVD enrichment)
Attack VectorBuild status endpointServer API endpoints
Fixed In2026.1, 2025.11.52026.1, 2025.11.5
TeamCity Cloud AffectedNoNo

Architectural Pattern

This vulnerability fits into a recurring pattern in TeamCity's architecture. TeamCity's core function as a CI/CD orchestrator inherently requires it to make outbound network connections to repositories, build agents, notification systems, and deployment targets. This functional requirement creates a persistent attack surface for SSRF, as evidenced by five distinct SSRF-classified CVEs documented since 2020: CVE-2020-35667, CVE-2021-31910, CVE-2022-24333, CVE-2022-46830, and now CVE-2026-49372. Each successive vulnerability has been patched, but the recurrence suggests the root cause is architectural rather than incidental: the product's legitimate need for outbound connectivity creates an ongoing challenge for input validation at every point where URLs or network destinations are accepted from user-controlled input.

Affected Systems and Versions

The following TeamCity On-Premises versions are affected:

  • All JetBrains TeamCity On-Premises versions before 2026.1
  • All JetBrains TeamCity On-Premises versions before 2025.11.5 (in the 2025.x release line)

The vulnerability is fixed in:

  • TeamCity 2026.1
  • TeamCity 2025.11.5

TeamCity Cloud is not affected. JetBrains has confirmed that TeamCity Cloud deployments do not require any action for this vulnerability. Organizations should verify whether their deployment is On-Premises or Cloud before determining their exposure.

The vulnerability affects all TeamCity installations where the firewall permits inbound connections to the TeamCity server, particularly those that are internet-facing. Installations where build agents run on the same host as the TeamCity server may have additional exposure.

Vendor Security History

JetBrains TeamCity has accumulated a notable track record of security vulnerabilities, several of which have reached Critical severity and been exploited in the wild. The following table summarizes key CVEs from the JetBrains security fixes page:

CVEDescriptionSeverityFixed In
CVE-2026-44413Authenticated users could expose server API to unauthorized accessHigh2026.1, 2025.11.5
CVE-2026-28194Open redirect in React project creation flowMedium2025.11.3
CVE-2026-28195Missing authorization for project developers to add parametersMedium2025.11.3
CVE-2024-27198Authentication bypass allowing admin actionsCritical2023.11.4
CVE-2024-23917Authentication bypass leading to RCECritical2023.11.3
CVE-2023-42793Authentication bypass leading to RCE on TeamCity ServerCritical2023.05.4
CVE-2023-34218Bypass of permission checks allowing admin actionsCritical2023.05, 2022.10.4
CVE-2022-46830SSRF via custom STS endpointMedium2022.10.1
CVE-2022-25263OS command injection in Agent Push featureHigh2021.2.3
CVE-2022-24333Blind SSRF via XML-RPC callMedium2021.2
CVE-2021-31910Information disclosure via SSRFHigh2020.2.3
CVE-2020-35667Plugin SSRF potentially exposing user credentialsHigh2020.2.85695

The pattern of recurring authentication bypass and SSRF vulnerabilities across multiple years and major versions indicates that organizations running TeamCity On-Premises should maintain a rigorous patching cadence and defense-in-depth posture around their CI/CD infrastructure.

JetBrains TeamCity has been directly targeted by state-sponsored threat actors. APT29 (Cozy Bear) exploited CVE-2024-27198 in real-world campaigns. Trend Micro documented exploitation of TeamCity vulnerabilities leading to deployment of Jasmin ransomware, XMRig cryptocurrency miners, Cobalt Strike beacons, and SparkRAT backdoors. Darktrace observed rapid exploitation of CVE-2024-27198 across customer environments. According to Vectra AI, SSRF attacks broadly surged 452% in 2024, driven in part by AI-powered automation of vulnerability discovery and exploitation.

While no public proof-of-concept exploit or active exploitation of CVE-2026-49372 has been documented as of May 29, 2026, the unauthenticated nature of the vulnerability, the high value of CI/CD infrastructure as a target, and the demonstrated interest of sophisticated threat actors in TeamCity all suggest that exploitation attempts are likely in the near term.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization