CVE-2026-49369 is an authorization vulnerability (CWE-863) in JetBrains YouTrack that allows unauthorized information disclosure on the Users and Groups pages in versions prior to 2026.1.13162. The vulnerability enables an attacker with low privileges (PR:L) and no user interaction (UI:N) to access confidential information over the network (AV:N). The impact is limited to confidentiality (C:L) without affecting integrity or availability. The CVSS score of 4.3 reflects this limited impact. No official patch or remediation details are provided in the available data, and no exploits have been observed in the wild.

The vulnerability allows unauthorized disclosure of information related to Users and Groups within JetBrains YouTrack, potentially exposing sensitive user data. The impact is limited to confidentiality with no direct effect on system integrity or availability. Since the vulnerability requires low privileges and no user interaction, it could be exploited remotely by an authenticated user with limited access. However, no known exploits are currently reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The issue is fixed in JetBrains YouTrack version 2026.1.13162, so upgrading to this or a later version is recommended once available. Until an official fix is confirmed, restrict access to the Users and Groups pages to trusted users only and monitor for any unusual access patterns related to these pages.