CVE-2026-49382

Medium

Published: 29 May 2026

Modified: 01 June 2026
CVSS Score v3.1: 4.5 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
EPSS Score: 0.0014 (3.3rd percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-49382 is a medium-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in JetBrains IntelliJ IDEA. Its CVSS base score is 4.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Template Injection (T1221). It ranks at the 3.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

In JetBrains IntelliJ IDEA before 2026.1, code execution was possible via template injection in the Copyright plugin.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1221 Template Injection Stealth
Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts.
Why these techniques?

Explicit template injection leading to code execution directly matches T1221.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

jetbrains
intellij idea
≤ 2026.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
