Primary

Context

JetBrains YouTrack Remote Code Execution Vulnerability via Sandbox Bypass

Vulnerability

Patched

A remote code execution vulnerability has been identified in JetBrains YouTrack versions prior to 2025.3.131383. This vulnerability allows high-privileged users to execute arbitrary code by bypassing the sandbox restrictions in notification templates.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where YouTrack is hosted.

Remediation

Users can update to YouTrack version 2025.3.131383 or later to address this vulnerability.

Added: Apr 17, 2026, 8:21 AM

Updated: Apr 17, 2026, 8:21 AM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

10.0

exploitability

4.2

remediation

7.7

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

10.0

exploitability

4.2

remediation

7.7

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

JetBrains YouTrack Remote Code Execution Vulnerability via Sandbox Bypass

Vulnerability

Impact

Remediation

Affected Products

JetBrains YouTrack

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating