Cyber Resilience

CVE-2026-57926

Low

Published: 26 June 2026

Published
26 June 2026
Modified
27 June 2026
KEV Added
Patch
CVSS Score v3.1 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS Score 0.0018 7.6th percentile
Risk Priority 15 floored blend · peak EPSS

Summary

CVE-2026-57926 is a low-severity Prototype Pollution (CWE-1321) vulnerability in Jetbrains Youtrack. Its CVSS base score is 2.6 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
Why these techniques?

Prototype pollution in websandbox bridge of public-facing YouTrack app directly enables exploitation of the application and facilitates JavaScript-based attacks.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-49368Same product: Jetbrains Youtrack
CVE-2026-57923Same product: Jetbrains Youtrack
CVE-2026-57921Same product: Jetbrains Youtrack
CVE-2026-33392Same product: Jetbrains Youtrack
CVE-2026-49370Same product: Jetbrains Youtrack
CVE-2024-50582Same product: Jetbrains Youtrack
CVE-2021-25765Same product: Jetbrains Youtrack
CVE-2022-24442Same product: Jetbrains Youtrack
CVE-2021-25770Same product: Jetbrains Youtrack
CVE-2024-54154Same product: Jetbrains Youtrack

Affected Assets

jetbrains
youtrack
≤ 2026.2.16593

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References