This vulnerability (CVE-2026-41882) in JetBrains IntelliJ IDEA involves the ability to read arbitrary local files through the built-in web server component. It affects multiple versions prior to specified 2024 and 2025 releases. The issue is categorized under CWE-59, which relates to improper link resolution before file access, potentially allowing unauthorized disclosure of local files. The CVSS 3.1 base score is 7.4, with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and high confidentiality impact. No official patch or remediation level has been published by JetBrains as of the data provided.

Successful exploitation allows an attacker to read arbitrary local files on the affected system via the built-in web server, leading to a high confidentiality impact. Integrity and availability are not affected. This could expose sensitive information stored locally within the IntelliJ IDEA environment or the host system. No known exploits in the wild have been reported to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor JetBrains advisories for updates. Until a patch is available, consider restricting access to the built-in web server or limiting network exposure to trusted users only.