A security vulnerability in YouTrack came to light in March 2026, and we fixed it immediately. Most of you don't need to do anything, but we want to keep you informed. For most YouTrack administrators, this is purely an informational post.

JetBrains is a software development company known for its suite of developer tools, including integrated development environments (IDEs) such as IntelliJ IDEA, PyCharm, and WebStorm. Through its platform, JetBrains provides developers with powerful tools for coding, debugging, and collaboration, across a wide range of programming languages and frameworks. From their blog developers can learn about JetBrains' IDE features, productivity tips, and best practices for using its tools effectively to streamline their development workflows and boost productivity.

JetBrains

JetBrains has disclosed a security vulnerability (CVE-2026-33392) in YouTrack affecting all versions before 2025.3.132953. The issue, a sandbox bypass enabling code execution, was reported by a security researcher in March 2026 and patched within 48 hours. YouTrack Cloud has already been updated and no evidence of exploitation was found. YouTrack Server administrators running versions older than 2025.3.132953 are advised to upgrade immediately. The vulnerability required administrator-level permissions to exploit and, on Cloud, could allow bypassing cross-tenant isolation boundaries.

Security Issue in YouTrack (CVE-2026-33392): Upgrade Recommended for Server Versions Before 2025.3.132953

Action required from YouTrack Server administrators