CVE-2026-49384 MEDIUM

CVE-2026-49384

Vendor Jetbrains
Product PyCharm
Weakness CWE-79 · XSS
Published May 29, 2026
Last update May 29, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible

Key dates

02Disclosure timeline

May 29, 2026 CVE published
May 29, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-4839 WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2025-59412 CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement CVE-2022-29406 WordPress Team Manager plugin <= 1.6.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities CVE-2023-5120 Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability