Vulnerability intelligence
CVE-2024-27199
JetBrains TeamCity Relative Path Traversal Vulnerability
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
CVSS Score
7.3
High
EPSS — Exploit Probability
91%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-05-04
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-05-04.
5 articles across 5 outlets · first covered Apr 21, 2026 · latest Apr 21, 2026
Associated threat actors
Coverage timeline
-
CISA Adds Cisco SD WAN, Zimbra XSS Flaws to KEV Catalogwww.securityweek.com · Apr 21, 2026
-
CISA adds weaponised PaperCut, TeamCity flaws to KEV catalogsecurityaffairs.com · Apr 21, 2026
-
CISA adds eight KEV flaws, Cisco SDWAN bugs actively exploitedthehackernews.com · Apr 21, 2026
-
CISA Adds Critical JetBrains TeamCity Flaw to KEV Cataloguewww.cisa.gov · Apr 21, 2026
-
CISA Adds Critical JetBrains TeamCity Flaw to KEV Cataloguecisa.gov · Apr 21, 2026