CVE-2026-56141
Published: 19 June 2026
Summary
CVE-2026-56141 is a critical-severity PRNG (CWE-338) vulnerability in Jetbrains Hub. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078); ranked at the 28.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-38006
Vulnerability details
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Predictable restore codes directly enable unauthorized account access (T1078 Valid Accounts); the flaw exists in a public-facing auth service (T1190 Exploit Public-Facing Application).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Security associations share details on cryptographically weak PRNGs, helping avoid their implementation in security-critical functions.
Cryptographic key management standards require cryptographically strong PRNGs for key material, blocking use of weak generators.