JetBrains IntelliJ IDEA Path Traversal Vulnerability Allowing Arbitrary File Read via Built-in Web Server

Vulnerability

JetBrains IntelliJ IDEA versions prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1 and 2026.1.1 are affected by a vulnerability that allows arbitrary file read. The issue is a path traversal flaw that can be exploited through the application's built-in web server.

Impact

Exploitation of this vulnerability could lead to unauthorized access to local files, potentially disclosing sensitive information.

Reproduction

To reproduce this vulnerability, start IntelliJ IDEA and open a project. Then, enable the built-in web server feature. Once the server is running, send a request that exploits the path traversal vulnerability to access arbitrary local files. This can be done by manipulating the request to include traversal sequences that bypass normal file access restrictions.

Remediation

Users can update to IntelliJ IDEA versions 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1 or 2026.1.1 to address this vulnerability.
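
An added example (not JetBrains code and not part of the original advisory): a check of installed IDE versions against the fixed builds listed above, compared per release line so that 2025.1.8 counts as fixed while the numerically higher 2025.2.1 does not. The host names and inventory are constructed; treating release lines older than 2024.3 as vulnerable and lines newer than 2026.1 as fixed is an assumption.

```python
# Fixed builds per release line, copied from the advisory text.
FIXED = {
    (2024, 3): (2024, 3, 7, 1),
    (2025, 1): (2025, 1, 7, 1),
    (2025, 2): (2025, 2, 6, 2),
    (2025, 3): (2025, 3, 4, 1),
    (2026, 1): (2026, 1, 1),
}


def _pad(parts, width=4):
    """Right-pad with zeros so 2026.1.1 compares equal to 2026.1.1.0."""
    return tuple(parts) + (0,) * (width - len(parts))


def status(version):
    """Return 'fixed', 'vulnerable' or 'unknown' for a dotted version string."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"need at least year.release: {version!r}")
    line = parts[:2]
    if line in FIXED:
        # Compare only against the fix for the same release line.
        return "fixed" if _pad(parts) >= _pad(FIXED[line]) else "vulnerable"
    if line < min(FIXED):
        return "vulnerable"  # assumption: no fixed build is listed for older lines
    if line > max(FIXED):
        return "fixed"       # assumption: later lines ship with the fix
    return "unknown"         # a line between the listed ones; check manually


def hosts_to_update(inventory):
    """Return hosts whose installed version is not known to be fixed."""
    return sorted(h for h, v in inventory.items() if status(v) != "fixed")


# Constructed inventory: hypothetical host names and installed versions.
INVENTORY = {
    "dev-01": "2025.1.8",  # later patch on the 2025.1 line
    "dev-02": "2025.2.1",  # higher number than dev-01, but below its line's fix
    "dev-03": "2024.3.7",  # one build short of 2024.3.7.1
    "dev-04": "2026.1.1",
}

if __name__ == "__main__":
    for host in hosts_to_update(INVENTORY):
        print(host, INVENTORY[host], status(INVENTORY[host]))
```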

Added: Apr 30, 2026, 12:19 PM
Updated: Apr 30, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 7.1
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.