Security Issue in YouTrack (CVE-2026-33392): Upgrade Recommended for Server Versions Before 2025.3.132953 | The YouTrack Blog
Blog post from JetBrains
In March 2026, a security vulnerability identified as CVE-2026-33392 was discovered in YouTrack, affecting all versions prior to 2025.3.132953. The flaw is a sandbox bypass that could allow code execution, and exploiting it required administrator-level permissions. It was most significant for YouTrack Cloud, where it could breach cross-tenant isolation on shared hardware. YouTrack Server is single-tenant and has no tenant boundaries, so it faced less risk, though permission escalation within administrative roles was possible. Mitigations were implemented swiftly: YouTrack Cloud was patched within 48 hours, and the fix for YouTrack Server is included in version 2025.3.132953 and later. Administrators running older YouTrack Server versions are advised to upgrade promptly, though there is no evidence that the vulnerability has been exploited. Detailed security updates and a notification subscription are available on JetBrains' website.
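To check a fleet of YouTrack Server installations against the fixed version named above, the following added example (not JetBrains code) compares version strings numerically. It assumes versions follow the three-part numeric form shown in the advisory; the hostnames and inventory are constructed.

```python
import re

# First fixed YouTrack Server version, taken from the advisory text.
FIXED = (2025, 3, 132953)

# Assumption: versions are three dot-separated integers, as in "2025.3.132953".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not in that form."""
    m = _VERSION_RE.match(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """'affected' below the fixed build, 'fixed' at or above it, 'unknown' if unparseable."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "2025.3.99999" above "2025.3.132953" and hide an affected host.
    return "affected" if v < FIXED else "fixed"


def triage(inventory):
    """Map host -> status. Unknown versions are reported, never assumed safe."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = {
    "yt-prod.example.internal": "2025.3.132953",
    "yt-staging.example.internal": "2025.3.99999",
    "yt-legacy.example.internal": "2024.3.55417",
    "yt-lab.example.internal": "2025.3",  # truncated version string
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```

Hosts reported as `unknown` need their version confirmed by hand before they are treated as patched.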