In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
A critical vulnerability in older versions of JetBrains IntelliJ IDEA, specifically within the Copyright plugin, allowed for remote code execution. Attackers could exploit a template injection flaw to run arbitrary code on a developer's machine when a specially crafted project file is opened.
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
IntelliJ IDEA users are at medium risk of local code execution if they open a malicious project file, potentially compromising their development environment.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
0
Affected Products
1
References
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability
Impact