COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-59792

CVE-2026-59792

Severity
critical
Source
NVD · cve
Published
2026-07-10
CVSS
9.6
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-59792
⚡ RCE shame 65/100 rceunpatchedexploited-in-wild

JetBrains shipped an unpatched path traversal RCE in IntelliJ IDEA that allows remote code execution via project workspace ID handling.

This critical vulnerability (CVE-2026-59792) enables arbitrary code execution in JetBrains IntelliJ IDEA through a path traversal flaw in workspace ID handling, posing a severe risk to DIB organizations relying on JetBrains tools for development and code review. The vendor failed to patch the issue in versions prior to 2026.1.4 and 2026.2, creating a compliance gap for FedRAMP and NIST 800-171 requirements that mandate timely patching of critical vulnerabilities. DIB orgs must audit all JetBrains tool usage and enforce strict version controls to prevent exploitation.

Shame score — A critical RCE vulnerability in a widely-used development tool that was not patched in time, creating a significant security exposure for organizations relying on JetBrains products.

Players implicated

jetbrains · vendorintellij idea · product

Description

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.