Cyber Resilience

CVE-2026-56142

Critical

Published: 19 June 2026

Published
19 June 2026
Modified
26 June 2026
KEV Added
Patch
CVSS Score v3.1 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0042 34.1th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-56142 is a critical-severity Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915) vulnerability in Jetbrains Hub. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 34.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1098 Account Manipulation Persistence
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
Why these techniques?

Direct privilege escalation via attaching authentication details matches account manipulation (T1098) and exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

jetbrains
hub
2024.2.33606 — 2024.2.148429 · 2024.3.44799 — 2024.3.148430 · 2025.1.62455 — 2025.1.148120

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References