HIGH 7.8

CVE-2026-49366: IntelliJ IDEA Command Injection via Filename Completion

JetBrains IntelliJ IDEA contains a command injection vulnerability in its filename completion feature that could allow an attacker to execute arbitrary commands on a developer's machine. The vulnerability requires local access and user interaction—specifically, a user must interact with the filename completion mechanism—but once triggered, it grants full system access with the privileges of the user running the IDE. This affects versions before 2026.1.1.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-78
Affected products
1 configuration(s)
Published / Modified
2026-05-29 / 2026-06-17

NVD description (verbatim)

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-49366 is a local command injection vulnerability (CWE-78) in IntelliJ IDEA's filename completion subsystem. The flaw arises from insufficient input sanitization when processing file completion suggestions, permitting shell metacharacter injection. An attacker can craft a malicious filename or directory structure that, when the victim invokes code completion, executes arbitrary shell commands in the context of the IDE process. The attack surface is limited to local users with filesystem write access to locations the developer may browse during editing sessions.

Business impact

For organizations employing IntelliJ IDEA across development teams, this vulnerability poses a containment risk: a compromised developer machine can become an entry point for lateral movement, intellectual property theft, or supply chain attacks if the developer has access to version control systems or internal repositories. The impact is especially acute in environments where developers run the IDE with elevated privileges or where IDE processes have access to credentials, API keys, or sensitive build artifacts. Prompt patching reduces the window of exposure.

Affected systems

JetBrains IntelliJ IDEA releases prior to 2026.1.1 are affected. This includes all 2026.1.0 and earlier versions within the 2026 release cycle, as well as all prior major versions (2025, 2024, etc.) unless they have received backported security updates. Organizations should verify their installed version against the JetBrains advisory to confirm exposure.

Exploitability

Exploitability is moderate. The attack requires local code execution capability or social engineering a developer to open a specially crafted project directory. It is not remotely exploitable over the network in its base form. However, the requirement for user interaction (triggering filename completion) is relatively low friction—developers routinely use autocomplete during normal editing workflows. No public exploit code has been added to CISA's Known Exploited Vulnerabilities catalog, though the attack technique is straightforward once a malicious project structure is in place.

Remediation

Upgrade IntelliJ IDEA to version 2026.1.1 or later. JetBrains has patched the filename completion input validation to reject or properly escape shell metacharacters. Organizations should prioritize this patch for development machines, especially those handling sensitive projects or with access to production infrastructure.

Patch guidance

Download and install IntelliJ IDEA 2026.1.1 or a later release from the official JetBrains website. The IDE's built-in update mechanism can be used: Help > Check for Updates (or equivalent in your IDE layout). Verify the patch version in Help > About before resuming work. For air-gapped environments, download the installer directly from JetBrains and deploy via your internal software distribution channels. Users on earlier major version lines should consult the JetBrains advisory to confirm whether backports are available.

Detection guidance

Monitor for suspicious child process spawning from IntelliJ IDEA processes (java.exe or idea.exe on Windows; java on Unix-like systems). Look for command-line arguments containing shell metacharacters (pipe, semicolon, backtick, $()) originating from the IDE process. Endpoint detection and response (EDR) tools should alert on any unexpected command execution initiated by the IDE. On development machines, audit filesystem write access to project directories by non-developers. Review IDE project files (.idea directory) for embedded shell commands in configuration or file references.

Why prioritize this

Despite not appearing on CISA's KEV list, this vulnerability merits urgent attention due to its HIGH CVSS score (7.8), the prevalence of IntelliJ IDEA in enterprise development environments, and the trivial user interaction barrier. Command injection on a developer machine creates outsized risk because developers often have elevated access and interact with sensitive systems. The local-only requirement prevents immediate widespread remote exploitation but does not diminish the need for rapid patching within your development team.

Risk score, explained

The CVSS 3.1 score of 7.8 (HIGH) reflects: (1) Local attack vector (AV:L)—limiting but not negating risk; (2) Low attack complexity (AC:L)—straightforward exploitation technique; (3) No privilege escalation required (PR:N); (4) User interaction needed (UI:R)—developers use autocomplete routinely, making this a low barrier; (5) High impact across confidentiality, integrity, and availability (C:H/I:H/A:H)—full system compromise. The score appropriately weights the severity of command execution against the local-only scope.

Frequently asked questions

Is this a remote vulnerability?

No. CVE-2026-49366 requires local access to the developer's machine or social engineering to open a malicious project. It cannot be exploited remotely over the network in isolation. However, once a developer opens a crafted project, arbitrary command execution on that machine is possible.

Do I need to upgrade if I run IntelliJ IDEA in a container or VM?

Yes. The vulnerability exists within the IntelliJ IDEA process regardless of the hosting environment. A containerized or virtualized IDE is still vulnerable if the version is below 2026.1.1. If the container image or VM snapshot contains an older version, update it and redeploy.

Will my plugins or customizations be affected by the upgrade to 2026.1.1?

Most plugins and customizations should remain compatible with the 2026.1.1 patch release. Patch releases typically focus on bug fixes and security updates with minimal breaking changes. Before updating production workflows, test in a non-critical environment if you rely on specialized plugins.

What if I cannot upgrade immediately?

Mitigate by restricting project file sources—only open projects from trusted repositories and code review processes. Use filesystem access controls to limit write access to project directories. Monitor IDE process behavior with EDR tools. However, these are interim measures; patching is the definitive fix.

This analysis is based on the CVE record and JetBrains vendor advisory available as of the publication date. Specific affected versions, patch details, and timeline information should be verified against the official JetBrains security advisory at jetbrains.com/support/security. SEC.co makes no warranty regarding the completeness or applicability of this guidance to any specific environment. Organizations must conduct independent risk assessments and testing before deploying patches. This page does not constitute security advice for your particular deployment and should be reviewed by qualified security professionals within your organization. Source: NVD (public-domain), retrieved 2026-07-08. Analysis generated by SEC.co (claude-haiku-4-5).