Platform
jetbrains
Component
jetbrains-hub
Fixed in
2025.3.119807
CVE-2026-25848 describes an authentication bypass vulnerability in JetBrains Hub. This flaw allows an attacker to perform administrative actions without proper authentication, potentially leading to significant data compromise and system control. The vulnerability affects versions prior to 2025.3.119807, and a patch is available in version 2025.3.119807.
The authentication bypass vulnerability in JetBrains Hub poses a severe risk. An attacker exploiting this flaw could gain unauthorized access to administrative functionalities, enabling them to modify user accounts, access sensitive data, and potentially compromise the entire system. This could result in data breaches, denial of service, and complete control over the Hub instance. The impact is particularly concerning for organizations relying on JetBrains Hub for project management and collaboration, as attackers could manipulate projects, steal intellectual property, or disrupt development workflows. The ability to bypass authentication effectively removes a critical security layer, making the system highly vulnerable to malicious actors.
CVE-2026-25848 was publicly disclosed on February 9, 2026. The CVSS score of 9.1 (CRITICAL) indicates a high probability of exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the severity of the vulnerability suggests that attackers are likely actively seeking to exploit it. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.00% (0% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-25848 is to immediately upgrade JetBrains Hub to version 2025.3.119807 or later. If upgrading is not immediately feasible, consider implementing stricter access controls and multi-factor authentication (MFA) to limit the potential impact of a successful attack. Review existing user permissions and remove any unnecessary administrative privileges. Monitor JetBrains Hub logs for suspicious activity, particularly failed login attempts and unusual administrative actions. While a direct workaround is unavailable, enhanced monitoring and access control can reduce the attack surface.
Update JetBrains Hub to version 2025.3.119807 or later. This update fixes the authentication bypass vulnerability that allows administrative actions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-25848 is a critical vulnerability in JetBrains Hub allowing attackers to bypass authentication and perform administrative actions without proper credentials. It affects versions 0–2025.3.119807 and carries a CVSS score of 9.1.
If you are running JetBrains Hub versions prior to 2025.3.119807, you are vulnerable to this authentication bypass. Check your current version and upgrade immediately.
The recommended fix is to upgrade JetBrains Hub to version 2025.3.119807 or later. This patch addresses the authentication bypass vulnerability.
While no public exploits are currently available, the high CVSS score and the nature of the vulnerability suggest that attackers are likely actively seeking to exploit it. Proactive patching is crucial.
Refer to the official JetBrains security advisory for CVE-2026-25848 on the JetBrains website: [https://www.jetbrains.com/security/advisories/]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.