TeamCity vulnerabilities: known CVEs & security history
JetBrains · Actively exploited · 269 tracked CVEs · 3 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all TeamCity release lines — 269 in total, with 3 actively exploited in the wild. A CVE here doesn't mean your version is affected — check TeamCity's current status and the safe version to run.
Known TeamCity CVEs
Actively-exploited and most-severe first. Showing the top 80 of 269. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2024-27198⚡ exploited | critical | 9.8 | 100% | 2024 |
| CVE-2023-42793⚡ exploited | critical | 9.8 | 100% | 2023 |
| CVE-2024-27199⚡ exploited | high | 7.3 | 100% | 2024 |
| CVE-2024-23917 | critical | 9.8 | 54% | 2024 |
| CVE-2022-25263 | critical | 9.8 | 2% | 2022 |
| CVE-2022-24340 | critical | 9.8 | 1% | 2022 |
| CVE-2022-24331 | critical | 9.8 | 1% | 2022 |
| CVE-2021-43202 | critical | 9.8 | 1% | 2021 |
| CVE-2021-43200 | critical | 9.8 | 1% | 2021 |
| CVE-2021-43193 | critical | 9.8 | 2% | 2021 |
| CVE-2021-37544 | critical | 9.8 | 1% | 2021 |
| CVE-2021-31915 | critical | 9.8 | 3% | 2021 |
| CVE-2021-31914 | critical | 9.8 | 2% | 2021 |
| CVE-2021-31909 | critical | 9.8 | 3% | 2021 |
| CVE-2019-18364 | critical | 9.8 | 3% | 2019 |
| CVE-2019-12157 | critical | 9.8 | 2% | 2019 |
| CVE-2019-15039 | critical | 9.8 | 13% | 2019 |
| CVE-2023-34218 | critical | 9.1 | 1% | 2023 |
| CVE-2022-24342 | high | 8.8 | 3% | 2022 |
| CVE-2021-31912 | high | 8.8 | 1% | 2021 |
| CVE-2020-15825 | high | 8.8 | 1% | 2020 |
| CVE-2026-44413 | high | 8.2 | 0% | 2026 |
| CVE-2024-36470 | high | 8.1 | 0% | 2024 |
| CVE-2022-24335 | high | 8.1 | 1% | 2022 |
| CVE-2025-59457 | high | 7.7 | 1% | 2025 |
| CVE-2025-54531 | high | 7.7 | 0% | 2025 |
| CVE-2025-26492 | high | 7.7 | 0% | 2025 |
| CVE-2026-49374 | high | 7.6 | 0% | 2026 |
| CVE-2026-49372 | high | 7.5 | 0% | 2026 |
| CVE-2025-57732 | high | 7.5 | 0% | 2025 |
| CVE-2025-54530 | high | 7.5 | 0% | 2025 |
| CVE-2024-43114 | high | 7.5 | 0% | 2024 |
| CVE-2022-25264 | high | 7.5 | 1% | 2022 |
| CVE-2022-24341 | high | 7.5 | 1% | 2022 |
| CVE-2021-43196 | high | 7.5 | 1% | 2021 |
| CVE-2021-37548 | high | 7.5 | 1% | 2021 |
| CVE-2021-37545 | high | 7.5 | 1% | 2021 |
| CVE-2021-31913 | high | 7.5 | 1% | 2021 |
| CVE-2021-31910 | high | 7.5 | 1% | 2021 |
| CVE-2021-26310 | high | 7.5 | 2% | 2021 |
| CVE-2021-25776 | high | 7.5 | 1% | 2021 |
| CVE-2020-35667 | high | 7.5 | 1% | 2021 |
| CVE-2020-11688 | high | 7.5 | 1% | 2020 |
| CVE-2020-11687 | high | 7.5 | 1% | 2020 |
| CVE-2020-7909 | high | 7.5 | 1% | 2020 |
| CVE-2019-15042 | high | 7.5 | 1% | 2019 |
| CVE-2019-15038 | high | 7.5 | 1% | 2019 |
| CVE-2019-12841 | high | 7.5 | 1% | 2019 |
| CVE-2024-41827 | high | 7.4 | 0% | 2024 |
| CVE-2024-31136 | high | 7.4 | 1% | 2024 |
| CVE-2019-15036 | high | 7.2 | 2% | 2019 |
| CVE-2026-49373 | high | 7.1 | 0% | 2026 |
| CVE-2026-49371 | high | 7.1 | 0% | 2026 |
| CVE-2024-36365 | medium | 6.8 | 0% | 2024 |
| CVE-2024-31137 | medium | 6.8 | 0% | 2024 |
| CVE-2022-46831 | medium | 6.6 | 0% | 2022 |
| CVE-2026-49379 | medium | 6.5 | 0% | 2026 |
| CVE-2026-49376 | medium | 6.5 | 0% | 2026 |
| CVE-2025-68267 | medium | 6.5 | 0% | 2025 |
| CVE-2025-24461 | medium | 6.5 | 0% | 2025 |
| CVE-2024-36377 | medium | 6.5 | 0% | 2024 |
| CVE-2024-36376 | medium | 6.5 | 0% | 2024 |
| CVE-2024-36364 | medium | 6.5 | 0% | 2024 |
| CVE-2024-36362 | medium | 6.5 | 1% | 2024 |
| CVE-2024-31134 | medium | 6.5 | 0% | 2024 |
| CVE-2015-1313 | medium | 6.5 | 1% | 2023 |
| CVE-2022-44624 | medium | 6.5 | 1% | 2022 |
| CVE-2022-44623 | medium | 6.5 | 1% | 2022 |
| CVE-2022-24337 | medium | 6.5 | 1% | 2022 |
| CVE-2022-24333 | medium | 6.5 | 1% | 2022 |
| CVE-2020-15828 | medium | 6.5 | 1% | 2020 |
| CVE-2020-11689 | medium | 6.5 | 1% | 2020 |
| CVE-2024-41824 | medium | 6.4 | 0% | 2024 |
| CVE-2024-56351 | medium | 6.3 | 0% | 2024 |
| CVE-2026-49375 | medium | 6.1 | 0% | 2026 |
| CVE-2024-31135 | medium | 6.1 | 0% | 2024 |
| CVE-2022-25261 | medium | 6.1 | 1% | 2022 |
| CVE-2022-24338 | medium | 6.1 | 1% | 2022 |
| CVE-2022-24330 | medium | 6.1 | 1% | 2022 |
| CVE-2021-43197 | medium | 6.1 | 1% | 2021 |
189 older / lower-severity CVEs not shown — see TeamCity's full record.
Is my TeamCity version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your TeamCity version → · Monitor TeamCity for new CVEs →
TeamCity vulnerabilities — frequently asked
How many known vulnerabilities does TeamCity have?
IsItPatched tracks 269 CVEs for TeamCity, 3 of which are actively exploited (CISA KEV). 17 are critical-severity and 36 high-severity. These span every release line — what matters is whether the version you run is affected.
Does TeamCity have any actively-exploited vulnerabilities?
Yes — 3 TeamCity CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (3 linked to ransomware). Patch these as a priority.
What is the most severe TeamCity vulnerability?
Among tracked issues, CVE-2024-27198 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a CWE-288 weakness.
Is TeamCity safe to use?
It depends on the version. The latest supported TeamCity release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: TeamCity security status · TeamCity end-of-life · actively-exploited CVEs. Always verify against JetBrains's advisories — see our disclaimer.