Cyber Resilience

CVE-2026-53915

HighUpdated

Published: 19 June 2026

Published
19 June 2026
Modified
26 June 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0025 16.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-53915 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Jetbrains Goland. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 16.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Untrusted project config leading to RCE in desktop IDE directly matches client application exploitation for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

jetbrains
goland
≤ 2026.1.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-73

Rejects externally supplied file or resource identifiers that fail validity checks.

References