Exposures › CVE-2026-59792
JetBrains shipped an unpatched path traversal RCE in IntelliJ IDEA that allows remote code execution via project workspace ID handling.
This critical vulnerability (CVE-2026-59792) enables arbitrary code execution in JetBrains IntelliJ IDEA through a path traversal flaw in workspace ID handling, posing a severe risk to DIB organizations relying on JetBrains tools for development and code review. The vendor failed to patch the issue in versions prior to 2026.1.4 and 2026.2, creating a compliance gap for FedRAMP and NIST 800-171 requirements that mandate timely patching of critical vulnerabilities. DIB orgs must audit all JetBrains tool usage and enforce strict version controls to prevent exploitation.
Shame score — A critical RCE vulnerability in a widely-used development tool that was not patched in time, creating a significant security exposure for organizations relying on JetBrains products.
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
No correlated FedRAMP products.