The critical security vulnerability discovered in TeamCity allows unauthenticated attackers to execute arbitrary code, compromising the integrity of software releases and impacting all downstream users. The vulnerability was fixed with TeamCity version 2023.05.4, which removes a wildcard expression that enables bypassing authentication checks for requests ending with "/RPC2". This exploitation could have been carried out due to an oversight in global request interceptors being considered as part of the exposed attack surface.