CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

LOWMonitor

Published:May 29, 2026(3 days ago)

Modified:May 29, 2026

Local AccessNo Auth RequiredLow Complexity

AI Explanation

This is an XML External Entity (XXE) vulnerability affecting JetBrains IntelliJ IDEA's UI Designer form parser. A local attacker could craft a malicious XML file that, when parsed, might lead to information disclosure or server-side request forgery.

▶Show original NVD description

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

Users of JetBrains IntelliJ IDEA before version 2026.1 are at low risk of information disclosure or SSRF if they process malicious UI Designer forms locally.

Local AccessLow ComplexityNo Auth NeededUser Interaction Required

Monitor & Review

Low severity — keep this CVE on your radar and patch during routine maintenance.

Patch Status:Not Available

What should I do?

No official patch is available yet — apply vendor workarounds if provided.
Review the affected versions below to confirm your exposure.
Monitor this CVE for patch releases and apply them as soon as available.

How to Fix

1Upgrade JetBrains IntelliJ IDEA to version 2026.1 or newer. 2. Avoid opening or processing untrusted UI Designer form files from unknown sources.

Timeline

Published
CVE disclosed publicly
May 29, 20263 days ago
Last Modified
Most recent update
May 29, 20263 days ago
Indexed to CVEInsight
Added to this platform
May 29, 20262 days ago

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS Score

v3.1

3.3/ 10.0

LOW

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

At a Glance

Affected Products

References

CVE-2026-49383

AI Explanation

How to Fix

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

CVE-2026-49383

✦ AI Explanation

How to Fix

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

AI Explanation