Executive Summary
A critical vulnerability, CVE-2026-59792, was discovered in JetBrains IntelliJ IDEA, which allows for code execution via path traversal in project workspace ID handling. This vulnerability affects users of IntelliJ IDEA versions before 2026.1.4 and 2026.2, with a CVSS score of 9.6, indicating a high severity level.
Technical Analysis
The vulnerability is classified as a path traversal issue, specifically CWE-23. It is located in the project workspace ID handling component of IntelliJ IDEA. The attack vector is network-based (AV:N), with low attack complexity (AC:L) and no privileges required (PR:N). User interaction (UI) is required for the attack to be successful.
How It Gets Exploited
An attacker would need to send a crafted request to the IntelliJ IDEA instance, potentially via a malicious project workspace ID. The specific action that triggers the vulnerability involves handling a project workspace ID that exploits the path traversal weakness, allowing for code execution. The attacker would gain the ability to execute code on the vulnerable system, potentially leading to arbitrary code execution, data breaches, or other malicious activities.
Impact Assessment
The vulnerability affects JetBrains IntelliJ IDEA versions before 2026.1.4 and 2026.2. Successful exploitation could lead to arbitrary code execution (RCE), data exfiltration, or other malicious outcomes. The CVSS score of 9.6 indicates a critical severity level, with high impacts on confidentiality, integrity, and low impact on availability.
Recommended Actions
To mitigate this vulnerability, users of JetBrains IntelliJ IDEA should update to version 2026.1.4 or later, or 2026.2 or later. Additionally, users should:
- Ensure that IntelliJ IDEA instances are updated to a patched version.
- Monitor project workspace IDs for suspicious activity.
- Implement network segmentation or firewalls to limit access to IntelliJ IDEA instances.
Detection guidance: Monitor for unusual project workspace ID handling activity, and implement WAF rules to detect and prevent suspicious requests.
Sources
- National Vulnerability Database (NVD)
- JetBrains Vendor Advisory