CVE-2026-49382
Medium
Published: 29 May 2026
Modified: 01 June 2026
KEV Added: —
Patch: —
CVSS Score v3.1: 4.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS Score: 0.0014 (3.3rd percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2026-49382 is a medium-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in JetBrains IntelliJ IDEA. Its CVSS base score is 4.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Template Injection (T1221). It is ranked at the 3.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-33390
Vulnerability details
In JetBrains IntelliJ IDEA before 2026.1, code execution was possible via template injection in the Copyright plugin.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
T1221 Template Injection Stealth
Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts.
Why these techniques?
Explicit template injection leading to code execution directly matches T1221.
Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
Affected Assets
jetbrains
intellij idea
≤ 2026.1
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.