In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
A command injection vulnerability was discovered in JetBrains IntelliJ IDEA, affecting versions prior to 2026.1.1. This flaw allowed for the execution of arbitrary commands through the filename completion feature. Exploitation typically requires local user interaction, such as opening a project or file with a specially crafted filename.
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
Local users of JetBrains IntelliJ IDEA are at high risk of command execution if they interact with specially crafted filenames.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0
Affected Products
1
References
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability
Impact