High-Severity Security Issue Affecting TeamCity On-Premises (CVE-2026-44413) – Update to 2026.1 Now | The TeamCity Blog

A high-severity security vulnerability, identified as CVE-2026-44413, has been discovered in TeamCity On-Premises, potentially allowing authenticated users to expose parts of the server API to unauthorized users. This issue affects all versions up to 2025.11.4 and has been resolved in version 2026.1. Users are strongly encouraged to update to the latest version or apply a security patch plugin if upgrading is not possible. TeamCity Cloud is not impacted, and no action is required for its users. The vulnerability, which was confidentially reported by Martin Orem, involves post-authentication privilege escalation and can be mitigated by securing internet-facing servers with additional layers such as VPNs. Users are advised to restrict network access to essential ports and run servers on dedicated hosts to prevent exploitation. For support and further guidance, users can contact the TeamCity Support team.